Skip to content

Commit 4dbb58d

Browse files
openshift-merge-robotopenshift-merge-robot
authored
Merge pull request #9107 from baude/v3backportdnsnameinternal
[3.0] disable dnsname when --internal
2 parents dc2f4c6 + 7e88a57 commit 4dbb58d

File tree

4 files changed

+96
-62
lines changed

4 files changed

+96
-62
lines changed

docs/source/markdown/podman-network-create.1.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,8 @@ Define a gateway for the subnet. If you want to provide a gateway address, you m
4141

4242
#### **--internal**
4343

44-
Restrict external access of this network
44+
Restrict external access of this network. Note when using this option, the dnsname plugin will be
45+
automatically disabled.
4546

4647
#### **--ip-range**
4748

libpod/network/create.go

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ import (
1414
"github.com/containers/podman/v2/pkg/rootless"
1515
"github.com/containers/podman/v2/pkg/util"
1616
"github.com/pkg/errors"
17+
"github.com/sirupsen/logrus"
1718
)
1819

1920
// Create the CNI network
@@ -226,8 +227,12 @@ func createBridge(name string, options entities.NetworkCreateOptions, runtimeCon
226227
// if we find the dnsname plugin or are rootless, we add configuration for it
227228
// the rootless-cni-infra container has the dnsname plugin always installed
228229
if (HasDNSNamePlugin(runtimeConfig.Network.CNIPluginDirs) || rootless.IsRootless()) && !options.DisableDNS {
229-
// Note: in the future we might like to allow for dynamic domain names
230-
plugins = append(plugins, NewDNSNamePlugin(DefaultPodmanDomainName))
230+
if options.Internal {
231+
logrus.Warnf("dnsname and --internal networks are incompatible. dnsname plugin not configured for network %s", name)
232+
} else {
233+
// Note: in the future we might like to allow for dynamic domain names
234+
plugins = append(plugins, NewDNSNamePlugin(DefaultPodmanDomainName))
235+
}
231236
}
232237
ncList["plugins"] = plugins
233238
b, err := json.MarshalIndent(ncList, "", " ")

test/e2e/network_create_test.go

Lines changed: 69 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@ import (
1010
cniversion "github.com/containernetworking/cni/pkg/version"
1111
"github.com/containers/podman/v2/libpod/network"
1212
. "github.com/containers/podman/v2/test/utils"
13+
"github.com/containers/storage/pkg/stringid"
1314
. "github.com/onsi/ginkgo"
1415
. "github.com/onsi/gomega"
1516
"github.com/pkg/errors"
@@ -116,40 +117,41 @@ var _ = Describe("Podman network create", func() {
116117
results []network.NcList
117118
)
118119

119-
nc := podmanTest.Podman([]string{"network", "create", "newname"})
120+
netName := "inspectnet-" + stringid.GenerateNonCryptoID()
121+
nc := podmanTest.Podman([]string{"network", "create", netName})
120122
nc.WaitWithDefaultTimeout()
123+
defer podmanTest.removeCNINetwork(netName)
121124
Expect(nc.ExitCode()).To(BeZero())
122-
defer podmanTest.removeCNINetwork("newname")
123125

124-
inspect := podmanTest.Podman([]string{"network", "inspect", "newname"})
126+
inspect := podmanTest.Podman([]string{"network", "inspect", netName})
125127
inspect.WaitWithDefaultTimeout()
126128

127129
err := json.Unmarshal([]byte(inspect.OutputToString()), &results)
128130
Expect(err).To(BeNil())
129131
result := results[0]
130-
Expect(result["name"]).To(Equal("newname"))
132+
Expect(result["name"]).To(Equal(netName))
131133

132134
})
133135

134136
It("podman network create with name and subnet", func() {
135137
var (
136138
results []network.NcList
137139
)
138-
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "newnetwork"})
140+
netName := "subnet-" + stringid.GenerateNonCryptoID()
141+
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", netName})
139142
nc.WaitWithDefaultTimeout()
143+
defer podmanTest.removeCNINetwork(netName)
140144
Expect(nc.ExitCode()).To(BeZero())
141145

142-
defer podmanTest.removeCNINetwork("newnetwork")
143-
144146
// Inspect the network configuration
145-
inspect := podmanTest.Podman([]string{"network", "inspect", "newnetwork"})
147+
inspect := podmanTest.Podman([]string{"network", "inspect", netName})
146148
inspect.WaitWithDefaultTimeout()
147149

148150
// JSON the network configuration into something usable
149151
err := json.Unmarshal([]byte(inspect.OutputToString()), &results)
150152
Expect(err).To(BeNil())
151153
result := results[0]
152-
Expect(result["name"]).To(Equal("newnetwork"))
154+
Expect(result["name"]).To(Equal(netName))
153155

154156
// JSON the bridge info
155157
bridgePlugin, err := genericPluginsToBridge(result["plugins"], "bridge")
@@ -161,7 +163,7 @@ var _ = Describe("Podman network create", func() {
161163
// best we can
162164
defer removeNetworkDevice(bridgePlugin.BrName)
163165

164-
try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newnetwork", ALPINE, "sh", "-c", "ip addr show eth0 | awk ' /inet / {print $2}'"})
166+
try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", netName, ALPINE, "sh", "-c", "ip addr show eth0 | awk ' /inet / {print $2}'"})
165167
try.WaitWithDefaultTimeout()
166168

167169
_, subnet, err := net.ParseCIDR("10.11.12.0/24")
@@ -178,21 +180,21 @@ var _ = Describe("Podman network create", func() {
178180
var (
179181
results []network.NcList
180182
)
181-
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:1:2:3:4::/64", "newIPv6network"})
183+
netName := "ipv6-" + stringid.GenerateNonCryptoID()
184+
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:1:2:3:4::/64", netName})
182185
nc.WaitWithDefaultTimeout()
186+
defer podmanTest.removeCNINetwork(netName)
183187
Expect(nc.ExitCode()).To(BeZero())
184188

185-
defer podmanTest.removeCNINetwork("newIPv6network")
186-
187189
// Inspect the network configuration
188-
inspect := podmanTest.Podman([]string{"network", "inspect", "newIPv6network"})
190+
inspect := podmanTest.Podman([]string{"network", "inspect", netName})
189191
inspect.WaitWithDefaultTimeout()
190192

191193
// JSON the network configuration into something usable
192194
err := json.Unmarshal([]byte(inspect.OutputToString()), &results)
193195
Expect(err).To(BeNil())
194196
result := results[0]
195-
Expect(result["name"]).To(Equal("newIPv6network"))
197+
Expect(result["name"]).To(Equal(netName))
196198

197199
// JSON the bridge info
198200
bridgePlugin, err := genericPluginsToBridge(result["plugins"], "bridge")
@@ -203,7 +205,7 @@ var _ = Describe("Podman network create", func() {
203205
// best we can
204206
defer removeNetworkDevice(bridgePlugin.BrName)
205207

206-
try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newIPv6network", ALPINE, "sh", "-c", "ip addr show eth0 | grep global | awk ' /inet6 / {print $2}'"})
208+
try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", netName, ALPINE, "sh", "-c", "ip addr show eth0 | grep global | awk ' /inet6 / {print $2}'"})
207209
try.WaitWithDefaultTimeout()
208210

209211
_, subnet, err := net.ParseCIDR("fd00:1:2:3:4::/64")
@@ -219,21 +221,21 @@ var _ = Describe("Podman network create", func() {
219221
var (
220222
results []network.NcList
221223
)
222-
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:3:2:1::/64", "--ipv6", "newDualStacknetwork"})
224+
netName := "dual-" + stringid.GenerateNonCryptoID()
225+
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:3:2:1::/64", "--ipv6", netName})
223226
nc.WaitWithDefaultTimeout()
227+
defer podmanTest.removeCNINetwork(netName)
224228
Expect(nc.ExitCode()).To(BeZero())
225229

226-
defer podmanTest.removeCNINetwork("newDualStacknetwork")
227-
228230
// Inspect the network configuration
229-
inspect := podmanTest.Podman([]string{"network", "inspect", "newDualStacknetwork"})
231+
inspect := podmanTest.Podman([]string{"network", "inspect", netName})
230232
inspect.WaitWithDefaultTimeout()
231233

232234
// JSON the network configuration into something usable
233235
err := json.Unmarshal([]byte(inspect.OutputToString()), &results)
234236
Expect(err).To(BeNil())
235237
result := results[0]
236-
Expect(result["name"]).To(Equal("newDualStacknetwork"))
238+
Expect(result["name"]).To(Equal(netName))
237239

238240
// JSON the bridge info
239241
bridgePlugin, err := genericPluginsToBridge(result["plugins"], "bridge")
@@ -245,7 +247,7 @@ var _ = Describe("Podman network create", func() {
245247
// best we can
246248
defer removeNetworkDevice(bridgePlugin.BrName)
247249

248-
try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newDualStacknetwork", ALPINE, "sh", "-c", "ip addr show eth0 | grep global | awk ' /inet6 / {print $2}'"})
250+
try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", netName, ALPINE, "sh", "-c", "ip addr show eth0 | grep global | awk ' /inet6 / {print $2}'"})
249251
try.WaitWithDefaultTimeout()
250252

251253
_, subnet, err := net.ParseCIDR("fd00:4:3:2:1::/64")
@@ -255,74 +257,81 @@ var _ = Describe("Podman network create", func() {
255257
// Ensure that the IP the container got is within the subnet the user asked for
256258
Expect(subnet.Contains(containerIP)).To(BeTrue())
257259
// verify the container has an IPv4 address too (the IPv4 subnet is autogenerated)
258-
try = podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newDualStacknetwork", ALPINE, "sh", "-c", "ip addr show eth0 | awk ' /inet / {print $2}'"})
260+
try = podmanTest.Podman([]string{"run", "-it", "--rm", "--network", netName, ALPINE, "sh", "-c", "ip addr show eth0 | awk ' /inet / {print $2}'"})
259261
try.WaitWithDefaultTimeout()
260262
containerIP, _, err = net.ParseCIDR(try.OutputToString())
261263
Expect(err).To(BeNil())
262264
Expect(containerIP.To4()).To(Not(BeNil()))
263265
})
264266

265267
It("podman network create with invalid subnet", func() {
266-
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/17000", "fail"})
268+
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/17000", stringid.GenerateNonCryptoID()})
267269
nc.WaitWithDefaultTimeout()
268270
Expect(nc).To(ExitWithError())
269271
})
270272

271273
It("podman network create with ipv4 subnet and ipv6 flag", func() {
272-
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--ipv6", "fail"})
274+
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--ipv6", stringid.GenerateNonCryptoID()})
273275
nc.WaitWithDefaultTimeout()
274276
Expect(nc).To(ExitWithError())
275277
})
276278

277279
It("podman network create with empty subnet and ipv6 flag", func() {
278-
nc := podmanTest.Podman([]string{"network", "create", "--ipv6", "fail"})
280+
nc := podmanTest.Podman([]string{"network", "create", "--ipv6", stringid.GenerateNonCryptoID()})
279281
nc.WaitWithDefaultTimeout()
280282
Expect(nc).To(ExitWithError())
281283
})
282284

283285
It("podman network create with invalid IP", func() {
284-
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.0/17000", "fail"})
286+
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.0/17000", stringid.GenerateNonCryptoID()})
285287
nc.WaitWithDefaultTimeout()
286288
Expect(nc).To(ExitWithError())
287289
})
288290

289291
It("podman network create with invalid gateway for subnet", func() {
290-
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--gateway", "192.168.1.1", "fail"})
292+
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--gateway", "192.168.1.1", stringid.GenerateNonCryptoID()})
291293
nc.WaitWithDefaultTimeout()
292294
Expect(nc).To(ExitWithError())
293295
})
294296

295297
It("podman network create two networks with same name should fail", func() {
296-
nc := podmanTest.Podman([]string{"network", "create", "samename"})
298+
netName := "same-" + stringid.GenerateNonCryptoID()
299+
nc := podmanTest.Podman([]string{"network", "create", netName})
297300
nc.WaitWithDefaultTimeout()
301+
defer podmanTest.removeCNINetwork(netName)
298302
Expect(nc.ExitCode()).To(BeZero())
299-
defer podmanTest.removeCNINetwork("samename")
300303

301-
ncFail := podmanTest.Podman([]string{"network", "create", "samename"})
304+
ncFail := podmanTest.Podman([]string{"network", "create", netName})
302305
ncFail.WaitWithDefaultTimeout()
303306
Expect(ncFail).To(ExitWithError())
304307
})
305308

306309
It("podman network create two networks with same subnet should fail", func() {
307-
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", "subnet1"})
310+
netName1 := "sub1-" + stringid.GenerateNonCryptoID()
311+
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", netName1})
308312
nc.WaitWithDefaultTimeout()
313+
defer podmanTest.removeCNINetwork(netName1)
309314
Expect(nc.ExitCode()).To(BeZero())
310-
defer podmanTest.removeCNINetwork("subnet1")
311315

312-
ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", "subnet2"})
316+
netName2 := "sub2-" + stringid.GenerateNonCryptoID()
317+
ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", netName2})
313318
ncFail.WaitWithDefaultTimeout()
319+
defer podmanTest.removeCNINetwork(netName2)
314320
Expect(ncFail).To(ExitWithError())
315321
})
316322

317323
It("podman network create two IPv6 networks with same subnet should fail", func() {
318324
SkipIfRootless("FIXME It needs the ip6tables modules loaded")
319-
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", "subnet1v6"})
325+
netName1 := "subipv61-" + stringid.GenerateNonCryptoID()
326+
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", netName1})
320327
nc.WaitWithDefaultTimeout()
328+
defer podmanTest.removeCNINetwork(netName1)
321329
Expect(nc.ExitCode()).To(BeZero())
322-
defer podmanTest.removeCNINetwork("subnet1v6")
323330

324-
ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", "subnet2v6"})
331+
netName2 := "subipv62-" + stringid.GenerateNonCryptoID()
332+
ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", netName2})
325333
ncFail.WaitWithDefaultTimeout()
334+
defer podmanTest.removeCNINetwork(netName2)
326335
Expect(ncFail).To(ExitWithError())
327336
})
328337

@@ -333,11 +342,11 @@ var _ = Describe("Podman network create", func() {
333342
})
334343

335344
It("podman network create with mtu option", func() {
336-
net := "mtu-test"
345+
net := "mtu-test" + stringid.GenerateNonCryptoID()
337346
nc := podmanTest.Podman([]string{"network", "create", "--opt", "mtu=9000", net})
338347
nc.WaitWithDefaultTimeout()
339-
Expect(nc.ExitCode()).To(BeZero())
340348
defer podmanTest.removeCNINetwork(net)
349+
Expect(nc.ExitCode()).To(BeZero())
341350

342351
nc = podmanTest.Podman([]string{"network", "inspect", net})
343352
nc.WaitWithDefaultTimeout()
@@ -346,11 +355,11 @@ var _ = Describe("Podman network create", func() {
346355
})
347356

348357
It("podman network create with vlan option", func() {
349-
net := "vlan-test"
358+
net := "vlan-test" + stringid.GenerateNonCryptoID()
350359
nc := podmanTest.Podman([]string{"network", "create", "--opt", "vlan=9", net})
351360
nc.WaitWithDefaultTimeout()
352-
Expect(nc.ExitCode()).To(BeZero())
353361
defer podmanTest.removeCNINetwork(net)
362+
Expect(nc.ExitCode()).To(BeZero())
354363

355364
nc = podmanTest.Podman([]string{"network", "inspect", net})
356365
nc.WaitWithDefaultTimeout()
@@ -359,10 +368,28 @@ var _ = Describe("Podman network create", func() {
359368
})
360369

361370
It("podman network create with invalid option", func() {
362-
net := "invalid-test"
371+
net := "invalid-test" + stringid.GenerateNonCryptoID()
363372
nc := podmanTest.Podman([]string{"network", "create", "--opt", "foo=bar", net})
364373
nc.WaitWithDefaultTimeout()
374+
defer podmanTest.removeCNINetwork(net)
365375
Expect(nc).To(ExitWithError())
366376
})
367377

378+
It("podman network create with internal should not have dnsname", func() {
379+
net := "internal-test" + stringid.GenerateNonCryptoID()
380+
nc := podmanTest.Podman([]string{"network", "create", "--internal", net})
381+
nc.WaitWithDefaultTimeout()
382+
defer podmanTest.removeCNINetwork(net)
383+
Expect(nc.ExitCode()).To(BeZero())
384+
// Not performing this check on remote tests because it is a logrus error which does
385+
// not come back via stderr on the remote client.
386+
if !IsRemote() {
387+
Expect(nc.ErrorToString()).To(ContainSubstring("dnsname and --internal networks are incompatible"))
388+
}
389+
nc = podmanTest.Podman([]string{"network", "inspect", net})
390+
nc.WaitWithDefaultTimeout()
391+
Expect(nc.ExitCode()).To(BeZero())
392+
Expect(nc.OutputToString()).ToNot(ContainSubstring("dnsname"))
393+
})
394+
368395
})

0 commit comments

Comments
 (0)