-rw-r--r-- | .github/workflows/stale.yml | 25 | ||||
-rw-r--r-- | cmd/podman/cliconfig/config.go | 1 | ||||
-rw-r--r-- | cmd/podman/network_create.go | 2 | ||||
-rw-r--r-- | completions/bash/podman | 1 | ||||
-rw-r--r-- | docs/podman-network-create.1.md | 5 | ||||
-rw-r--r-- | libpod/networking_linux.go | 28 | ||||
-rw-r--r-- | pkg/adapter/network.go | 14 | ||||
-rw-r--r-- | pkg/network/config.go | 14 | ||||
-rw-r--r-- | pkg/network/netconflist.go | 21 |
9 files changed, 102 insertions, 9 deletions
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 000000000..44cb82ff0
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,25 @@
+name: Mark stale issues and pull requests
+
+# Please refer to https://github.com/actions/stale/blob/master/action.yml
+# to see all config knobs of the stale action.
+
+on:
+ schedule:
+ - cron: "0 0 * * *"
+
+jobs:
+ stale:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/stale@v1
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ stale-issue-message: 'This issue had no activity for 30 days. In the absence of activity or the "do-not-close" label, the issue will be automatically closed within 7 days.'
+ stale-pr-message: 'This pull request had no activity for 30 days. In the absence of activity or the "do-not-close" label, the pull request will be automatically closed within 7 days.'
+ stale-issue-label: 'stale-issue'
+ stale-pr-label: 'stale-pr'
+ days-before-stale: 30
+ days-before-close: 7
+ exempt-pr-label: 'do-not-close'
diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go
index 4831b7971..86258a543 100644
--- a/cmd/podman/cliconfig/config.go
+++ b/cmd/podman/cliconfig/config.go
@@ -267,6 +267,7 @@ type MountValues struct {
 type NetworkCreateValues struct {
 PodmanCommand
 Driver string
+ DisableDNS bool
 Gateway net.IP
 Internal bool
 IPamDriver string
diff --git a/cmd/podman/network_create.go b/cmd/podman/network_create.go
index 11f13faad..6710883ae 100644
--- a/cmd/podman/network_create.go
+++ b/cmd/podman/network_create.go
@@ -46,7 +46,7 @@ func init() {
 // TODO enable when IPv6 is working
 //flags.BoolVar(&networkCreateCommand.IPV6, "IPv6", false, "enable IPv6 networking")
 flags.IPNetVar(&networkCreateCommand.Network, "subnet", net.IPNet{}, "subnet in CIDR format")
-
+ flags.BoolVar(&networkCreateCommand.DisableDNS, "disable-dns", false, "disable dns plugin")
 }
 func networkcreateCmd(c *cliconfig.NetworkCreateValues) error {
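Review bot: The `uses: actions/stale@v1` step references a mutable tag, so the third-party code that receives `secrets.GITHUB_TOKEN` can change without any change in this repository. Pinning the action to a full commit SHA, `uses: actions/stale@<full-commit-sha> # v1` (placeholder to be replaced by the reviewed revision), makes the dependency reproducible and lets a reviewer see exactly which code runs with the token. Keeping the version tag in the trailing comment is what makes the pin maintainable when it is bumped later.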
diff --git a/completions/bash/podman b/completions/bash/podman
index 2a55183bd..0abf9e738 100644
--- a/completions/bash/podman
+++ b/completions/bash/podman
@@ -982,6 +982,7 @@ _podman_network_create() {
 --subnet
 "
 local boolean_options="
+ --disable-dns
 --help
 -h
 --internal
diff --git a/docs/podman-network-create.1.md b/docs/podman-network-create.1.md
index 0679d8ee2..c281d50d9 100644
--- a/docs/podman-network-create.1.md
+++ b/docs/podman-network-create.1.md
@@ -15,6 +15,11 @@ If no options are provided, Podman will assign a free subnet and name for your n
 Upon completion of creating the network, Podman will display the path to the newly added network file.
 ## OPTIONS
+**--disable-dns**
+
+Disables the DNS plugin for this network which if enabled, can perform container to container name
+resolution.
+
 **-d**, , **--driver**
 Driver to manage the network (default "bridge"). Currently on `bridge` is supported.
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 4360c8c15..daa0619a2 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -5,6 +5,7 @@ package libpod
 import (
 "crypto/rand"
 "fmt"
+ "io/ioutil"
 "net"
 "os"
 "os/exec"
@@ -131,7 +132,7 @@ func checkSlirpFlags(path string) (bool, bool, bool, error) {
 cmd := exec.Command(path, "--help")
 out, err := cmd.CombinedOutput()
 if err != nil {
- return false, false, false, err
+ return false, false, false, errors.Wrapf(err, "slirp4netns %q", out)
 }
 return strings.Contains(string(out), "--disable-host-loopback"), strings.Contains(string(out), "--mtu"), strings.Contains(string(out), "--enable-sandbox"), nil
 }
@@ -158,6 +159,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
 havePortMapping := len(ctr.Config().PortMappings) > 0
 apiSocket := filepath.Join(ctr.runtime.config.TmpDir, fmt.Sprintf("%s.net", ctr.config.ID))
+ logPath := filepath.Join(ctr.runtime.config.TmpDir, fmt.Sprintf("slirp4netns-%s.log", ctr.config.ID))
 cmdArgs := []string{}
 if havePortMapping {
@@ -165,7 +167,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
 }
 dhp, mtu, sandbox, err := checkSlirpFlags(path)
 if err != nil {
- return errors.Wrapf(err, "error checking slirp4netns binary %s", path)
+ return errors.Wrapf(err, "error checking slirp4netns binary %s: %q", path, err)
 }
 if dhp {
 cmdArgs = append(cmdArgs, "--disable-host-loopback")
@@ -210,6 +212,18 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
 // Leak one end of the pipe in slirp4netns, the other will be sent to conmon
 cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncR, syncW)
+ logFile, err := os.Create(logPath)
+ if err != nil {
+ return errors.Wrapf(err, "failed to open slirp4netns log file %s", logPath)
+ }
+ defer logFile.Close()
+ // Unlink immediately the file so we won't need to worry about cleaning it up later.
+ // It is still accessible through the open fd logFile.
+ if err := os.Remove(logPath); err != nil {
+ return errors.Wrapf(err, "delete file %s", logPath)
+ }
+ cmd.Stdout = logFile
+ cmd.Stderr = logFile
 if err := cmd.Start(); err != nil {
 return errors.Wrapf(err, "failed to start slirp4netns process")
 }
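Review bot: `errors.Wrapf(err, "error checking slirp4netns binary %s: %q", path, err)` in the second hunk embeds err twice: Wrapf already appends err's message after the colon, and `%q` of err prints the same text again, now that checkSlirpFlags (previous file hunk) wraps the command output into the error itself. The earlier form, `return errors.Wrapf(err, "error checking slirp4netns binary %s", path)`, is sufficient. setupRootlessNetNS starts and ends outside this hunk.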
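Review bot: `os.Create(logPath)` in the third hunk creates the slirp4netns log at a predictable name (`slirp4netns-<ID>.log`, from the first hunk) with mode 0666 before umask, and an existing file or symlink at that path is truncated and followed; how much that matters depends on how widely TmpDir is shared, which I cannot tell from here. Since the file is unlinked right after creation and only ever used through the descriptor, `logFile, err := ioutil.TempFile(ctr.runtime.config.TmpDir, "slirp4netns-")` (ioutil is imported by this commit) gives a unique name with 0600 and sidesteps the question; the unlink then becomes `os.Remove(logFile.Name())` and `logPath` is no longer needed. The enclosing function continues outside this hunk.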
@@ -238,7 +252,15 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
 continue
 }
 if status.Exited() {
- return errors.New("slirp4netns failed")
+ // Seek at the beginning of the file and read all its content
+ if _, err := logFile.Seek(0, 0); err != nil {
+ logrus.Errorf("could not seek log file: %q", err)
+ }
+ logContent, err := ioutil.ReadAll(logFile)
+ if err != nil {
+ return errors.Wrapf(err, "slirp4netns failed")
+ }
+ return errors.Errorf("slirp4netns failed: %q", logContent)
 }
 if status.Signaled() {
 return errors.New("slirp4netns killed by signal")
diff --git a/pkg/adapter/network.go b/pkg/adapter/network.go
index d407984ce..9659ae339 100644
--- a/pkg/adapter/network.go
+++ b/pkg/adapter/network.go
@@ -155,15 +155,14 @@ func (r *LocalRuntime) removeNetwork(ctx context.Context, name string, container
 // NetworkCreate creates a CNI network
 func (r *LocalRuntime) NetworkCreate(cli *cliconfig.NetworkCreateValues) (string, error) {
- var (
- err error
- )
-
 isGateway := true
 ipMasq := true
 subnet := &cli.Network
 ipRange := cli.IPRange
-
+ runtimeConfig, err := r.GetConfig()
+ if err != nil {
+ return "", err
+ }
 // if range is provided, make sure it is "in" network
 if cli.IsSet("subnet") {
 // if network is provided, does it conflict with existing CNI or live networks
@@ -245,6 +244,11 @@ func (r *LocalRuntime) NetworkCreate(cli *cliconfig.NetworkCreateValues) (string
 plugins = append(plugins, bridge)
 plugins = append(plugins, network.NewPortMapPlugin())
 plugins = append(plugins, network.NewFirewallPlugin())
+ // if we find the dnsname plugin, we add configuration for it
+ if network.HasDNSNamePlugin(runtimeConfig.CNIPluginDir) && !cli.DisableDNS {
+ // Note: in the future we might like to allow for dynamic domain names
+ plugins = append(plugins, network.NewDNSNamePlugin(network.DefaultPodmanDomainName))
+ }
 ncList["plugins"] = plugins
 b, err := json.MarshalIndent(ncList, "", " ")
 if err != nil {
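Review bot: `errors.Errorf("slirp4netns failed: %q", logContent)` puts the whole log into the error with Go quoting, so newlines become `\n` and a long slirp4netns output turns into one unreadable line of unbounded length. Printing it as trimmed text, `return errors.Errorf("slirp4netns failed: %s", strings.TrimSpace(string(logContent)))` (strings is already used by checkSlirpFlags in this file), reads better, and wrapping logFile in `io.LimitReader` before ReadAll would bound the message if `io` is imported here, which I cannot see. `logFile.Seek(0, 0)` would also read more clearly as `logFile.Seek(0, io.SeekStart)`. The enclosing function starts outside this hunk.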
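Review bot: In `if network.HasDNSNamePlugin(runtimeConfig.CNIPluginDir) && !cli.DisableDNS {` (last hunk of pkg/adapter/network.go) the plugin directories are stat'ed even when the user passed --disable-dns; putting the flag test first, `if !cli.DisableDNS && network.HasDNSNamePlugin(runtimeConfig.CNIPluginDir) {`, avoids the filesystem walk. When DNS was not disabled but the plugin is absent, the network is created silently without name resolution; a debug-level log in an else branch (if a logger is in scope in this file, which I cannot see) would make that outcome visible to the user. NetworkCreate continues outside this hunk.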
diff --git a/pkg/network/config.go b/pkg/network/config.go
index 7eaa83833..37eb0dd64 100644
--- a/pkg/network/config.go
+++ b/pkg/network/config.go
@@ -14,6 +14,9 @@ const (
 // CNIDeviceName is the default network device name and in
 // reality should have an int appended to it (cni-podman4)
 CNIDeviceName = "cni-podman"
+ // DefaultPodmanDomainName is used for the dnsname plugin to define
+ // a localized domain name for a created network
+ DefaultPodmanDomainName = "dns.podman"
 )
 // GetDefaultPodmanNetwork outputs the default network for podman
@@ -97,3 +100,14 @@ type FirewallConfig struct {
 func (f FirewallConfig) Bytes() ([]byte, error) {
 return json.MarshalIndent(f, "", "\t")
 }
+
+// DNSNameConfig describes the dns container name resolution plugin config
+type DNSNameConfig struct {
+ PluginType string `json:"type"`
+ DomainName string `json:"domainName"`
+}
+
+// Bytes outputs the configuration as []byte
+func (d DNSNameConfig) Bytes() ([]byte, error) {
+ return json.MarshalIndent(d, "", "\t")
+}
diff --git a/pkg/network/netconflist.go b/pkg/network/netconflist.go
index c3b11b409..e19051b88 100644
--- a/pkg/network/netconflist.go
+++ b/pkg/network/netconflist.go
@@ -2,6 +2,8 @@ package network
 import (
 "net"
+ "os"
+ "path/filepath"
 )
 // NcList describes a generic map
@@ -111,3 +113,22 @@ func NewFirewallPlugin() FirewallConfig {
 Backend: "iptables",
 }
 }
+
+// NewDNSNamePlugin creates the dnsname config with a given
+// domainname
+func NewDNSNamePlugin(domainName string) DNSNameConfig {
+ return DNSNameConfig{
+ PluginType: "dnsname",
+ DomainName: domainName,
+ }
+}
+
+// HasDNSNamePlugin looks to see if the dnsname cni plugin is present
+func HasDNSNamePlugin(paths []string) bool {
+ for _, p := range paths {
+ if _, err := os.Stat(filepath.Join(p, "dnsname")); err == nil {
+ return true
+ }
+ }
+ return false
+}
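Review bot: HasDNSNamePlugin (last hunk of pkg/network/netconflist.go) treats any entry named `dnsname` as the plugin: `os.Stat` also succeeds for a directory or a non-executable file, and the network would then be configured with a plugin that cannot run. Checking the result, `if fi, err := os.Stat(filepath.Join(p, "dnsname")); err == nil && fi.Mode().IsRegular() {`, rules out the directory case, and `fi.Mode()&0111 != 0` would additionally require an execute bit. An empty element in paths makes filepath.Join return the relative path `dnsname`, which is then looked up in the current working directory; whether CNIPluginDir can contain an empty entry is worth confirming at the caller.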