Merge pull request #13918 from Luap99/hosts

use etchosts package from c/common
containers · Apr 22, 2022 · ad3da63 · ad3da63
2 parents 1bafde2 + e0f5bf2
commit ad3da63
Show file tree

Hide file tree

Showing 21 changed files with 777 additions and 275 deletions.
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
@@ -439,9 +439,9 @@ with a new set of cached layers.
 #### **--no-hosts**
 
 Do not create _/etc/hosts_ for the container.
-
-By default, Buildah manages _/etc/hosts_, adding the container's own IP address.
-**--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified. Conflicts with the --add-host option.
+By default, Podman will manage _/etc/hosts_, adding the container's own IP address and any hosts from **--add-host**.
+**--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified.
+This option conflicts with **--add-host**.
 
 #### **--os**=*string*
 

diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
@@ -743,9 +743,9 @@ Disable any defined healthchecks for container.
 
 #### **--no-hosts**
 
-Do not create /etc/hosts for the container.
-By default, Podman will manage /etc/hosts, adding the container's own IP address and any hosts from **--add-host**.
-#### **--no-hosts** disables this, and the image's **/etc/host** will be preserved unmodified.
+Do not create _/etc/hosts_ for the container.
+By default, Podman will manage _/etc/hosts_, adding the container's own IP address and any hosts from **--add-host**.
+**--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified.
 This option conflicts with **--add-host**.
 
 #### **--oom-kill-disable**

diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md
@@ -216,7 +216,10 @@ Valid _mode_ values are:
 
 #### **--no-hosts**
 
-Do not create /etc/hosts within the pod's containers, instead use the version from the image
+Do not create /etc/hosts for the pod.
+By default, Podman will manage /etc/hosts, adding the container's own IP address and any hosts from **--add-host**.
+**--no-hosts** disables this, and the image's **/etc/host** will be preserved unmodified.
+This option conflicts with host added in the Kubernetes YAML.
 
 #### **--quiet**, **-q**
 

diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md
@@ -17,7 +17,11 @@ containers added to it. The pod id is printed to STDOUT. You can then use
 
 #### **--add-host**=_host_:_ip_
 
-Add a host to the /etc/hosts file shared between all containers in the pod.
+Add a custom host-to-IP mapping (host:ip)
+
+Add a line to /etc/hosts. The format is hostname:ip. The **--add-host**
+option can be set multiple times.
+The /etc/hosts file is shared between all containers in the pod.
 
 #### **--cgroup-parent**=*path*
 
@@ -187,7 +191,10 @@ NOTE: A container will only have access to aliases on the first network that it
 
 #### **--no-hosts**
 
-Disable creation of /etc/hosts for the pod.
+Do not create _/etc/hosts_ for the pod.
+By default, Podman will manage _/etc/hosts_, adding the container's own IP address and any hosts from **--add-host**.
+**--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified.
+This option conflicts with **--add-host**.
 
 #### **--pid**=*pid*
 

diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
@@ -85,8 +85,10 @@ and specified with a _tag_.
 ## OPTIONS
 #### **--add-host**=_host_:_ip_
 
-Add a line to container's _/etc/hosts_ for custom host-to-IP mapping.
-This option can be set multiple times.
+Add a custom host-to-IP mapping (host:ip)
+
+Add a line to /etc/hosts. The format is hostname:ip. The **--add-host**
+option can be set multiple times.
 
 #### **--annotation**=_key_=_value_
 
@@ -768,9 +770,8 @@ Disable any defined healthchecks for container.
 #### **--no-hosts**
 
 Do not create _/etc/hosts_ for the container.
-
 By default, Podman will manage _/etc/hosts_, adding the container's own IP address and any hosts from **--add-host**.
-#### **--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified.
+**--no-hosts** disables this, and the image's _/etc/hosts_ will be preserved unmodified.
 This option conflicts with **--add-host**.
 
 #### **--oom-kill-disable**

diff --git a/libpod/container.go b/libpod/container.go
@@ -628,6 +628,15 @@ func (c *Container) RuntimeName() string {
 
 // Hostname gets the container's hostname
 func (c *Container) Hostname() string {
+	if c.config.UTSNsCtr != "" {
+		utsNsCtr, err := c.runtime.GetContainer(c.config.UTSNsCtr)
+		if err != nil {
+			// should we return an error here?
+			logrus.Errorf("unable to lookup uts namespace for container %s: %v", c.ID(), err)
+			return ""
+		}
+		return utsNsCtr.Hostname()
+	}
 	if c.config.Spec.Hostname != "" {
 		return c.config.Spec.Hostname
 	}

diff --git a/libpod/container_internal.go b/libpod/container_internal.go
@@ -1,7 +1,6 @@
 package libpod
 
 import (
-	"bufio"
 	"bytes"
 	"context"
 	"fmt"
@@ -17,8 +16,10 @@ import (
 	"github.com/containers/buildah/copier"
 	"github.com/containers/buildah/pkg/overlay"
 	butil "github.com/containers/buildah/util"
+	"github.com/containers/common/libnetwork/etchosts"
 	"github.com/containers/common/pkg/cgroups"
 	"github.com/containers/common/pkg/chown"
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/libpod/events"
 	"github.com/containers/podman/v4/pkg/ctime"
@@ -31,6 +32,7 @@ import (
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/idtools"
+	"github.com/containers/storage/pkg/lockfile"
 	"github.com/containers/storage/pkg/mount"
 	"github.com/coreos/go-systemd/v22/daemon"
 	securejoin "github.com/cyphar/filepath-securejoin"
@@ -1006,17 +1008,14 @@ func (c *Container) completeNetworkSetup() error {
 		}
 	}
 	// check if we have a bindmount for /etc/hosts
-	if hostsBindMount, ok := state.BindMounts["/etc/hosts"]; ok && len(c.cniHosts()) > 0 {
-		ctrHostPath := filepath.Join(c.state.RunDir, "hosts")
-		if hostsBindMount == ctrHostPath {
-			// read the existing hosts
-			b, err := ioutil.ReadFile(hostsBindMount)
-			if err != nil {
-				return err
-			}
-			if err := ioutil.WriteFile(hostsBindMount, append(b, []byte(c.cniHosts())...), 0644); err != nil {
-				return err
-			}
+	if hostsBindMount, ok := state.BindMounts[config.DefaultHostsFile]; ok {
+		entries, err := c.getHostsEntries()
+		if err != nil {
+			return err
+		}
+		// add new container ips to the hosts file
+		if err := etchosts.Add(hostsBindMount, entries); err != nil {
+			return err
 		}
 	}
 
@@ -1041,18 +1040,6 @@ func (c *Container) completeNetworkSetup() error {
 	return ioutil.WriteFile(resolvBindMount, []byte(strings.Join(outResolvConf, "\n")), 0644)
 }
 
-func (c *Container) cniHosts() string {
-	var hosts string
-	for _, status := range c.getNetworkStatus() {
-		for _, netInt := range status.Interfaces {
-			for _, netAddress := range netInt.Subnets {
-				hosts += fmt.Sprintf("%s\t%s %s\n", netAddress.IPNet.IP.String(), c.Hostname(), c.config.Name)
-			}
-		}
-	}
-	return hosts
-}
-
 // Initialize a container, creating it in the runtime
 func (c *Container) init(ctx context.Context, retainRetries bool) error {
 	// Unconditionally remove conmon temporary files.
@@ -1894,6 +1881,24 @@ func (c *Container) cleanup(ctx context.Context) error {
 		lastError = errors.Wrapf(err, "error removing container %s network", c.ID())
 	}
 
+	// cleanup host entry if it is shared
+	if c.config.NetNsCtr != "" {
+		if hoststFile, ok := c.state.BindMounts[config.DefaultHostsFile]; ok {
+			if _, err := os.Stat(hoststFile); err == nil {
+				// we cannot use the dependency container lock due ABBA deadlocks
+				if lock, err := lockfile.GetLockfile(hoststFile); err == nil {
+					lock.Lock()
+					// make sure to ignore ENOENT error in case the netns container was cleanup before this one
+					if err := etchosts.Remove(hoststFile, getLocalhostHostEntry(c)); err != nil && !errors.Is(err, os.ErrNotExist) {
+						// this error is not fatal we still want to do proper cleanup
+						logrus.Errorf("failed to remove hosts entry from the netns containers /etc/hosts: %v", err)
+					}
+					lock.Unlock()
+				}
+			}
+		}
+	}
+
 	// Remove the container from the runtime, if necessary.
 	// Do this *before* unmounting storage - some runtimes (e.g. Kata)
 	// apparently object to having storage removed while the container still
@@ -2030,33 +2035,6 @@ func (c *Container) writeStringToStaticDir(filename, contents string) (string, e
 	return destFileName, nil
 }
 
-// appendStringToRunDir appends the provided string to the runtimedir file
-func (c *Container) appendStringToRunDir(destFile, output string) (string, error) {
-	destFileName := filepath.Join(c.state.RunDir, destFile)
-
-	f, err := os.OpenFile(destFileName, os.O_APPEND|os.O_RDWR, 0600)
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-
-	compareStr := strings.TrimRight(output, "\n")
-	scanner := bufio.NewScanner(f)
-	scanner.Split(bufio.ScanLines)
-
-	for scanner.Scan() {
-		if strings.Compare(scanner.Text(), compareStr) == 0 {
-			return filepath.Join(c.state.RunDir, destFile), nil
-		}
-	}
-
-	if _, err := f.WriteString(output); err != nil {
-		return "", errors.Wrapf(err, "unable to write %s", destFileName)
-	}
-
-	return filepath.Join(c.state.RunDir, destFile), nil
-}
-
 // saveSpec saves the OCI spec to disk, replacing any existing specs for the container
 func (c *Container) saveSpec(spec *spec.Spec) error {
 	// If the OCI spec already exists, we need to replace it