From e7a72d72fd598b0de3c1049c91cd788440c08f2d Mon Sep 17 00:00:00 2001 From: Antonio Ojea Date: Sun, 25 Oct 2020 18:28:44 +0100 Subject: enable ipv6 network configuration options enable the ipv6 flag in podman network to be able to create dual-stack networks for containers. This is required to be compatible with docker, where --ipv6 really means dual stack. podman, unlike docker, support IPv6 only containers since 07e3f1bba9674c0cb93a0fa260930bfebbf75728. Signed-off-by: Antonio Ojea --- test/e2e/network_create_test.go | 61 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index 21f03901b..5391b2940 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -177,8 +177,6 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with name and IPv6 subnet", func() { - SkipIfRootless("FIXME I believe this should work in rootlessmode") - var ( results []network.NcList ) @@ -218,12 +216,71 @@ var _ = Describe("Podman network create", func() { Expect(subnet.Contains(containerIP)).To(BeTrue()) }) + It("podman network create with name and IPv6 flag (dual-stack)", func() { + var ( + results []network.NcList + ) + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:3:2:1::/64", "--ipv6", "newDualStacknetwork"}) + nc.WaitWithDefaultTimeout() + Expect(nc.ExitCode()).To(BeZero()) + + defer podmanTest.removeCNINetwork("newDualStacknetwork") + + // Inspect the network configuration + inspect := podmanTest.Podman([]string{"network", "inspect", "newDualStacknetwork"}) + inspect.WaitWithDefaultTimeout() + + // JSON the network configuration into something usable + err := json.Unmarshal([]byte(inspect.OutputToString()), &results) + Expect(err).To(BeNil()) + result := results[0] + Expect(result["name"]).To(Equal("newDualStacknetwork")) + + // JSON the bridge info + bridgePlugin, err := genericPluginsToBridge(result["plugins"], "bridge") + Expect(err).To(BeNil()) + Expect(bridgePlugin.IPAM.Routes[0].Dest).To(Equal("::/0")) + Expect(bridgePlugin.IPAM.Routes[1].Dest).To(Equal("0.0.0.0/0")) + + // Once a container executes a new network, the nic will be created. We should clean those up + // best we can + defer removeNetworkDevice(bridgePlugin.BrName) + + try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newDualStacknetwork", ALPINE, "sh", "-c", "ip addr show eth0 | grep global | awk ' /inet6 / {print $2}'"}) + try.WaitWithDefaultTimeout() + + _, subnet, err := net.ParseCIDR("fd00:4:3:2:1::/64") + Expect(err).To(BeNil()) + containerIP, _, err := net.ParseCIDR(try.OutputToString()) + Expect(err).To(BeNil()) + // Ensure that the IP the container got is within the subnet the user asked for + Expect(subnet.Contains(containerIP)).To(BeTrue()) + // verify the container has an IPv4 address too (the IPv4 subnet is autogenerated) + try = podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newDualStacknetwork", ALPINE, "sh", "-c", "ip addr show eth0 | awk ' /inet / {print $2}'"}) + try.WaitWithDefaultTimeout() + containerIP, _, err = net.ParseCIDR(try.OutputToString()) + Expect(err).To(BeNil()) + Expect(containerIP.To4()).To(Not(BeNil())) + }) + It("podman network create with invalid subnet", func() { nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/17000", "fail"}) nc.WaitWithDefaultTimeout() Expect(nc).To(ExitWithError()) }) + It("podman network create with ipv4 subnet and ipv6 flag", func() { + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--ipv6", "fail"}) + nc.WaitWithDefaultTimeout() + Expect(nc).To(ExitWithError()) + }) + + It("podman network create with empty subnet and ipv6 flag", func() { + nc := podmanTest.Podman([]string{"network", "create", "--ipv6", "fail"}) + nc.WaitWithDefaultTimeout() + Expect(nc).To(ExitWithError()) + }) + It("podman network create with invalid IP", func() { nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.0/17000", "fail"}) nc.WaitWithDefaultTimeout() -- cgit v1.2.3-54-g00ecf From 98d770747e13f4286958a7d68f1c96223ca96c98 Mon Sep 17 00:00:00 2001 From: Antonio Ojea Date: Mon, 9 Nov 2020 23:35:04 +0100 Subject: add e2e test for network with same subnet add e2e test that checks that is not possible to create different networks with the same subnet, in IPv6 neither in IPv4 Signed-off-by: Antonio Ojea --- test/e2e/network_create_test.go | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'test') diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index 5391b2940..38e0c0bbf 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -304,6 +304,29 @@ var _ = Describe("Podman network create", func() { Expect(ncFail).To(ExitWithError()) }) + It("podman network create two networks with same subnet should fail", func() { + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", "subnet1"}) + nc.WaitWithDefaultTimeout() + Expect(nc.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork("subnet1") + + ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", "subnet2"}) + ncFail.WaitWithDefaultTimeout() + Expect(ncFail).To(ExitWithError()) + }) + + It("podman network create two IPv6 networks with same subnet should fail", func() { + SkipIfRootless("FIXME It needs the ip6tables modules loaded") + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", "subnet1v6"}) + nc.WaitWithDefaultTimeout() + Expect(nc.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork("subnet1v6") + + ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", "subnet2v6"}) + ncFail.WaitWithDefaultTimeout() + Expect(ncFail).To(ExitWithError()) + }) + It("podman network create with invalid network name", func() { nc := podmanTest.Podman([]string{"network", "create", "foo "}) nc.WaitWithDefaultTimeout() -- cgit v1.2.3-54-g00ecf From aabf28a16825aec643206d5e3084940ea48b9c99 Mon Sep 17 00:00:00 2001 From: Antonio Ojea Date: Tue, 10 Nov 2020 08:30:32 +0100 Subject: skip ipv6 e2e tests on rootless The IPv6 e2e tests on the CI for rootles mode fails because it needs the ip6tables modules loaded. Example error: stdout="", stderr="failed to list chains: running [/sbin/ip6tables -t nat -S --wait]: exit status 3: modprobe: can't change directory to '/lib/modules': No such file or directory\nip6tables v1.8.4 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n\n" Signed-off-by: Antonio Ojea --- test/e2e/network_create_test.go | 2 ++ 1 file changed, 2 insertions(+) (limited to 'test') diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index 38e0c0bbf..cb997d10a 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -177,6 +177,7 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with name and IPv6 subnet", func() { + SkipIfRootless("FIXME It needs the ip6tables modules loaded") var ( results []network.NcList ) @@ -217,6 +218,7 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with name and IPv6 flag (dual-stack)", func() { + SkipIfRootless("FIXME It needs the ip6tables modules loaded") var ( results []network.NcList ) -- cgit v1.2.3-54-g00ecf