From 7ac3d906b5c080803f7898d3307af87bb57ad436 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Mon, 4 May 2020 13:14:33 -0400 Subject: Rework port parsing to support --expose and -P As part of this, make a major change to the type we use to represent port mappings in SpecGen (from using existing OCICNI structs to using our own custom one). This struct has the advantage of supporting ranges, massively reducing traffic over the wire for Podman commands using them (for example, the `podman run -p 5000-6000` command will now send only one struct instead of 1000). This struct also allows us to easily validate which ports are in use, and which are not, which is necessary for --expose. Once we have parsed the ports from the new struct, we can produce an accurate map including all currently requested ports, and use that to determine what ports need to be exposed (some requested exposed ports may already be included in a mapping from --publish and will be ignored) and what open ports on the host we can map them to. Signed-off-by: Matthew Heon --- pkg/specgen/generate/namespaces.go | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'pkg/specgen/generate/namespaces.go') diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index 5c065cdda..96c65b551 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -1,12 +1,14 @@ package generate import ( + "context" "os" "strings" "github.com/containers/common/pkg/config" "github.com/containers/libpod/libpod" "github.com/containers/libpod/libpod/define" + "github.com/containers/libpod/libpod/image" "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/specgen" "github.com/containers/libpod/pkg/util" @@ -76,7 +78,7 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod) // joining a pod. // TODO: Consider grouping options that are not directly attached to a namespace // elsewhere. -func GenerateNamespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.Pod) ([]libpod.CtrCreateOption, error) { +func GenerateNamespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.Pod, img *image.Image) ([]libpod.CtrCreateOption, error) { toReturn := []libpod.CtrCreateOption{} // If pod is not nil, get infra container. @@ -204,7 +206,6 @@ func GenerateNamespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod } // Net - // TODO image ports // TODO validate CNINetworks, StaticIP, StaticIPv6 are only set if we // are in bridge mode. postConfigureNetNS := !s.UserNS.IsHost() @@ -221,9 +222,17 @@ func GenerateNamespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod } toReturn = append(toReturn, libpod.WithNetNSFrom(netCtr)) case specgen.Slirp: - toReturn = append(toReturn, libpod.WithNetNS(s.PortMappings, postConfigureNetNS, "slirp4netns", nil)) + portMappings, err := createPortMappings(ctx, s, img) + if err != nil { + return nil, err + } + toReturn = append(toReturn, libpod.WithNetNS(portMappings, postConfigureNetNS, "slirp4netns", nil)) case specgen.Bridge: - toReturn = append(toReturn, libpod.WithNetNS(s.PortMappings, postConfigureNetNS, "bridge", s.CNINetworks)) + portMappings, err := createPortMappings(ctx, s, img) + if err != nil { + return nil, err + } + toReturn = append(toReturn, libpod.WithNetNS(portMappings, postConfigureNetNS, "bridge", s.CNINetworks)) } if s.UseImageHosts { @@ -428,7 +437,7 @@ func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt if g.Config.Annotations == nil { g.Config.Annotations = make(map[string]string) } - if s.PublishImagePorts { + if s.PublishExposedPorts { g.Config.Annotations[libpod.InspectAnnotationPublishAll] = libpod.InspectResponseTrue } else { g.Config.Annotations[libpod.InspectAnnotationPublishAll] = libpod.InspectResponseFalse -- cgit v1.2.3-54-g00ecf