use etchosts package from c/common #13918

Merged
merged 6 commits into from
Apr 22, 2022

Luap99
Member

@Luap99 Luap99 commented Apr 19, 2022

Use the new logic from c/common to create the hosts file. This will help
to better align the hosts files between buildah and podman.

Also this fixes several bugs:

  • remove host entries when container is stopped and has a netNsCtr
  • add entries for containers in a pod
  • do not duplicate entries in the hosts file
  • use the correct slirp ip when a userns is used

Features:

  • configure host.containers.internal entry in containers.conf
  • configure base hosts file in containers.conf

Fixes #12003
Fixes #13224

libpod: fix c.Hostname() to respect the utsNsCtr

When we look up the hostname for a given container we have to check if
the container is joined to another utsns and use this hostname then
instead.
This fixes a problem where the hostname command would use the correct
name but /etc/hostname would contain a different name.

network dis-/connect: update /etc/hosts

When we connect or disconnect from a network we also have to update
/etc/hosts to ensure we only have valid entries in there.
This also fixes problems with docker-compose since this makes use of
network connect/disconnect.

Fixes #12533

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 19, 2022
@openshift-ci
Contributor

openshift-ci bot commented Apr 19, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Luap99

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 19, 2022
@TomSweeneyRedHat
Member

@Luap99 all kinds of test unhappiness

@Luap99
Member Author

Luap99 commented Apr 20, 2022

With my new logic you can no longer use --add-host on a container with a shared netns (e.g. pod).
The problem with the current logic is that if you use --add-host on the container it will add it to all containers which are joined to this netns. IMO all host entries should be set on the pod/dependency container and we should error if someone wants to add them for the container which is joined to another netns. However this could break some people.
@containers/podman-maintainers WDYT?

@rhatdan
Member

rhatdan commented Apr 20, 2022

I agree we should block the use of --add-hosts on containers in Pods as well as shared network namespace.

@mheon
Member

mheon commented Apr 20, 2022

I'm a little iffy on the change as it could be considered breaking. Can we check if Docker allows --add-host with --net container:?

@Luap99
Member Author

Luap99 commented Apr 20, 2022

> I'm a little iffy on the change as it could be considered breaking. Can we check if Docker allows --add-host with --net container:?

I just tried it and get an error

# docker run --add-host name:1.1.1.1 --network container:test alpine cat /etc/hosts
docker: Error response from daemon: conflicting options: custom host-to-IP mapping and the network mode.

@mheon
Member

mheon commented Apr 20, 2022

OK, I think we can justify this as docker-compat, then. I don't really see an issue with allowing it (it does add to all containers using the netns, but that isn't necessarily a bad thing) but if we can justify the removal I don't really mind.

@Luap99
Member Author

Luap99 commented Apr 20, 2022

The problem with keeping this is that we also have to remove them when the container stops. The current logic just completely ignores this case so if you restart the container it will duplicate the entries every time as long as the infra container stays up.
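
The duplication described in this comment, modelled as an added example (not code from this PR or from the c/common etchosts package). The helper names `add`, `remove` and `restarts`, and the sample IP and host name, are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// norm collapses whitespace so tab- and space-separated lines compare equal.
func norm(s string) string { return strings.Join(strings.Fields(s), " ") }

// add appends entry unless an identical line is already present.
func add(hosts, entry string) string {
	for _, l := range strings.Split(hosts, "\n") {
		if norm(l) == norm(entry) {
			return hosts
		}
	}
	return hosts + entry + "\n"
}

// remove drops every line equal to entry: the step that has to run on stop.
func remove(hosts, entry string) string {
	var out strings.Builder
	for _, l := range strings.SplitAfter(hosts, "\n") {
		if norm(l) != norm(entry) {
			out.WriteString(l)
		}
	}
	return out.String()
}

// restarts starts a joined container n times, stopping it in between, against
// one shared hosts file (the infra container stays up the whole time).
func restarts(n int, cleanup bool) string {
	hosts, entry := "127.0.0.1\tlocalhost\n", "10.88.0.5\tdb.example" // constructed
	for i := 0; i < n; i++ {
		if cleanup {
			hosts = add(hosts, entry) // start
			if i < n-1 {
				hosts = remove(hosts, entry) // stop
			}
		} else {
			hosts += entry + "\n" // blind append on start, nothing removed on stop
		}
	}
	return hosts
}

func main() { fmt.Print("no cleanup:\n", restarts(3, false), "cleanup:\n", restarts(3, true)) }
```
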

@rhatdan
Member

rhatdan commented Apr 20, 2022

Yes, let's remove the complication. Users have a workaround to add the hosts to the original pod or container.

@Luap99 Luap99 force-pushed the hosts branch 3 times, most recently from 7907e41 to 474e598 Compare April 21, 2022 16:34
@Luap99 Luap99 marked this pull request as ready for review April 21, 2022 16:34
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 21, 2022
@rhatdan
Member

rhatdan commented Apr 22, 2022

LGTM
But needs a rebase.

if err != nil {
// should we return an error here?
logrus.Errorf("unable to lookup uts namespace for container %s: %v", c.ID(), err)
return ""
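
Review bot: the `return ""` after `logrus.Errorf` hands callers an empty hostname that they cannot tell apart from a real result, and the `// should we return an error here?` comment leaves that question open in the code. Suggest returning the error to the caller, or replacing the comment with a statement of why logging and returning "" is acceptable at this point.
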
Collaborator

Nit: I think it would be better to change the signature to return error here and let caller deal with it.

Member Author

Likely, however this function is used in many places right now and I didn't want to update all callers. Since this is somewhat unrelated to this change. I don't think we will ever hit this error.
@mheon PTAL

Member

We should definitely change the signature, I can handle that today

Luap99 added 6 commits April 22, 2022 12:59
Use the new logic from c/common to create the hosts file. This will help
to better align the hosts files between buildah and podman.

Also this fixes several bugs:
- remove host entries when container is stopped and has a netNsCtr
- add entries for containers in a pod
- do not duplicate entries in the hosts file
- use the correct slirp ip when a userns is used

Features:
- configure host.containers.internal entry in containers.conf
- configure base hosts file in containers.conf

Fixes containers#12003
Fixes containers#13224

Signed-off-by: Paul Holzinger <[email protected]>

When we look up the hostname for a given container we have to check if
the container is joined to another utsns and use this hostname then
instead.
This fixes a problem where the `hostname` command would use the correct
name but /etc/hostname would contain a different name.

Signed-off-by: Paul Holzinger <[email protected]>

When we connect or disconnect from a network we also have to update
/etc/hosts to ensure we only have valid entries in there.
This also fixes problems with docker-compose since this makes use of
network connect/disconnect.

Fixes containers#12533

Signed-off-by: Paul Holzinger <[email protected]>

Because /etc/hosts is shared for all containers with a shared network
namespace you should not be able to add hosts from a joined container.
Only the primary netns container can set the hosts.

Signed-off-by: Paul Holzinger <[email protected]>

Update the documentation for /etc/hosts options --add-host and
--no-hosts. Also make sure that all references use the same text for
consistency.

Signed-off-by: Paul Holzinger <[email protected]>
Member

@vrothberg vrothberg left a comment

/lgtm
/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 22, 2022
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Apr 22, 2022
@rhatdan
Member

rhatdan commented Apr 22, 2022

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 22, 2022
@openshift-merge-robot openshift-merge-robot merged commit ad3da63 into containers:main Apr 22, 2022
@Luap99 Luap99 deleted the hosts branch April 22, 2022 12:54
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023