Merge pull request #124589 from hercules-ci/containers-dnsname

nixos/podman-dnsname: init
This commit is contained in:
Robert Hensing 2021-06-02 08:18:48 +02:00 committed by GitHub
commit d9e4512443
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 142 additions and 27 deletions

@ -48,6 +48,23 @@ in
description = "containers.conf configuration";
};
containersConf.cniPlugins = mkOption {
type = types.listOf types.package;
defaultText = ''
[
pkgs.cni-plugins
]
'';
example = lib.literalExample ''
[
pkgs.cniPlugins.dnsname
]
'';
description = ''
CNI plugins to install on the system.
'';
};
registries = {
search = mkOption {
type = types.listOf types.str;
@ -97,8 +114,11 @@ in
};
config = lib.mkIf cfg.enable {
virtualisation.containers.containersConf.cniPlugins = [ pkgs.cni-plugins ];
virtualisation.containers.containersConf.settings = {
network.cni_plugin_dirs = [ "${pkgs.cni-plugins}/bin/" ];
network.cni_plugin_dirs = map (p: "${lib.getBin p}/bin") cfg.containersConf.cniPlugins;
engine = {
init_path = "${pkgs.catatonit}/bin/catatonit";
} // lib.optionalAttrs cfg.ociSeccompBpfHook.enable {

@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkOption
mkIf
types
;
cfg = config.virtualisation.podman;
in
{
options = {
virtualisation.podman = {
defaultNetwork.dnsname.enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable DNS resolution in the default podman network.
'';
};
};
};
config = {
virtualisation.containers.containersConf.cniPlugins = mkIf cfg.defaultNetwork.dnsname.enable [ pkgs.dnsname-cni ];
virtualisation.podman.defaultNetwork.extraPlugins =
lib.optional cfg.defaultNetwork.dnsname.enable {
type = "dnsname";
domainName = "dns.podman";
capabilities.aliases = true;
};
};
}

@ -2,6 +2,7 @@
let
cfg = config.virtualisation.podman;
toml = pkgs.formats.toml { };
json = pkgs.formats.json { };
inherit (lib) mkOption types;
@ -22,9 +23,23 @@ let
done
'';
net-conflist = pkgs.runCommand "87-podman-bridge.conflist" {
nativeBuildInputs = [ pkgs.jq ];
extraPlugins = builtins.toJSON cfg.defaultNetwork.extraPlugins;
jqScript = ''
. + { "plugins": (.plugins + $extraPlugins) }
'';
} ''
jq <${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist \
--argjson extraPlugins "$extraPlugins" \
"$jqScript" \
>$out
'';
in
{
imports = [
./podman-dnsname.nix
./podman-network-socket.nix
(lib.mkRenamedOptionModule [ "virtualisation" "podman" "libpod" ] [ "virtualisation" "containers" "containersConf" ])
];
@ -99,6 +114,13 @@ in
'';
};
defaultNetwork.extraPlugins = lib.mkOption {
type = types.listOf json.type;
default = [];
description = ''
Extra CNI plugin configurations to add to podman's default network.
'';
};
};
@ -107,7 +129,7 @@ in
environment.systemPackages = [ cfg.package ]
++ lib.optional cfg.dockerCompat dockerCompat;
environment.etc."cni/net.d/87-podman-bridge.conflist".source = "${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist";
environment.etc."cni/net.d/87-podman-bridge.conflist".source = net-conflist;
virtualisation.containers = {
enable = true; # Enable common /etc/containers configuration

@ -335,6 +335,7 @@ in
plotinus = handleTest ./plotinus.nix {};
podgrab = handleTest ./podgrab.nix {};
podman = handleTestOn ["x86_64-linux"] ./podman.nix {};
podman-dnsname = handleTestOn ["x86_64-linux"] ./podman-dnsname.nix {};
podman-tls-ghostunnel = handleTestOn ["x86_64-linux"] ./podman-tls-ghostunnel.nix {};
pomerium = handleTestOn ["x86_64-linux"] ./pomerium.nix {};
postfix = handleTest ./postfix.nix {};

@ -0,0 +1,42 @@
import ./make-test-python.nix (
{ pkgs, lib, ... }:
let
inherit (pkgs) writeTextDir python3 curl;
webroot = writeTextDir "index.html" "<h1>Hi</h1>";
in
{
name = "podman-dnsname";
meta = {
maintainers = with lib.maintainers; [ roberth ] ++ lib.teams.podman.members;
};
nodes = {
podman = { pkgs, ... }: {
virtualisation.podman.enable = true;
virtualisation.podman.defaultNetwork.dnsname.enable = true;
};
};
testScript = ''
podman.wait_for_unit("sockets.target")
with subtest("DNS works"): # also tests inter-container tcp routing
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
podman.succeed(
"podman run -d --name=webserver -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin -w ${webroot} scratchimg ${python3}/bin/python -m http.server 8000"
)
podman.succeed("podman ps | grep webserver")
podman.succeed("""
for i in `seq 0 120`; do
podman run --rm --name=client -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg ${curl}/bin/curl http://webserver:8000 >/dev/console \
&& exit 0
sleep 0.5
done
exit 1
""")
podman.succeed("podman stop webserver")
podman.succeed("podman rm webserver")
'';
}
)

@ -1,4 +1,11 @@
{ buildGoModule, fetchFromGitHub, lib, dnsmasq }:
{
buildGoModule,
dnsmasq,
fetchFromGitHub,
lib,
nixosTests,
makeWrapper,
}:
buildGoModule rec {
pname = "cni-plugin-dnsname";
@ -11,10 +18,9 @@ buildGoModule rec {
sha256 = "sha256-hHkQOHDso92gXFCz40iQ7j2cHTEAMsaeW8MCJV2Otqo=";
};
patches = [ ./hardcode-dnsmasq-path.patch ];
postPatch = ''
substituteInPlace plugins/meta/dnsname/service.go --replace '@DNSMASQ@' '${dnsmasq}/bin/dnsmasq'
nativeBuildInputs = [ makeWrapper ];
postInstall = ''
wrapProgram $out/bin/dnsname --prefix PATH : ${lib.makeBinPath [ dnsmasq ]}
'';
vendorSha256 = null;
@ -22,6 +28,10 @@ buildGoModule rec {
doCheck = false; # NOTE: requires root privileges
passthru.tests = {
inherit (nixosTests) podman-dnsname;
};
meta = with lib; {
description = "DNS name resolution for containers";
homepage = "https://github.com/containers/dnsname";

@ -1,19 +0,0 @@
diff --git a/plugins/meta/dnsname/service.go b/plugins/meta/dnsname/service.go
index fc05f75..f6b4caf 100644
--- a/plugins/meta/dnsname/service.go
+++ b/plugins/meta/dnsname/service.go
@@ -16,10 +16,14 @@ import (
// newDNSMasqFile creates a new instance of a dnsNameFile
func newDNSMasqFile(domainName, networkInterface, networkName string) (dnsNameFile, error) {
+ /*
dnsMasqBinary, err := exec.LookPath("dnsmasq")
if err != nil {
return dnsNameFile{}, errors.Errorf("the dnsmasq cni plugin requires the dnsmasq binary be in PATH")
}
+ */
+ _ = errors.Errorf // XXX(mikroskeem): reduce diff
+ dnsMasqBinary := "@DNSMASQ@"
masqConf := dnsNameFile{
ConfigFile: makePath(networkName, confFileName),
Domain: domainName,

@ -84,7 +84,10 @@ buildGoModule rec {
passthru.tests = {
inherit (nixosTests) podman;
# related modules
inherit (nixosTests) podman-tls-ghostunnel;
inherit (nixosTests)
podman-tls-ghostunnel
podman-dnsname
;
};
meta = with lib; {