Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T6219: Add support for container sysctl parameter #3614

Merged
merged 2 commits into from
Jun 10, 2024
Merged

T6219: Add support for container sysctl parameter #3614

merged 2 commits into from
Jun 10, 2024

Conversation

nvollmar
Copy link
Contributor

@nvollmar nvollmar commented Jun 9, 2024
edited
Loading

I can't append to #3288, so I took the liberty to build upon it.
Aligned configuration with system sysctl and added completion with allowed sysctl values for container

Change Summary

Allow setting sysctl settings for containers

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

https://vyos.dev/T6219

Related PR(s)

#3288

Component(s) name

container

Proposed changes

Adds support for configuring a container with the sysctl option:

container {
    name c1 {
        allow-host-networks
        image "busybox:stable"
        sysctl {
            parameter kernel.msgmax {
                value "8192"
            }
        }
    }
}

How to test

set container name c1 image busybox:stable
set container name c1 allow-host-networks
set container name c1 sysctl parameter kernel.msgmax value 8192

Smoketest result

test_basic (__main__.TestContainer.test_basic) ... ok
test_dual_stack_network (__main__.TestContainer.test_dual_stack_network) ... 
IP address "192.0.2.1" can not be used for a container, reserved for the
container engine!

ok
test_ipv4_network (__main__.TestContainer.test_ipv4_network) ... 
IP address "192.0.2.1" can not be used for a container, reserved for the
container engine!

ok
test_ipv6_network (__main__.TestContainer.test_ipv6_network) ... 
IP address "2001:db8::1" can not be used for a container, reserved for
the container engine!

ok
test_uid_gid (__main__.TestContainer.test_uid_gid) ... 
Cannot set "gid" without "uid" for container

ok

----------------------------------------------------------------------
Ran 5 tests in 146.650s

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@nvollmar nvollmar requested a review from a team as a code owner June 9, 2024 22:30
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 9, 2024
edited
Loading

👍
No issues in PR Title / Commit Title

@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 9, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 9, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.

@nvollmar nvollmar force-pushed the T6219 branch 2 times, most recently from f9fb6c9 to 9214333 Compare June 9, 2024 22:58
@nvollmar nvollmar marked this pull request as draft June 9, 2024 22:59
@nvollmar nvollmar marked this pull request as ready for review June 10, 2024 05:39
@nvollmar nvollmar mentioned this pull request Jun 10, 2024
Merged
1 task
@sever-sever
Copy link
Member

Probably will be conflict with #3607

@nvollmar
Copy link
Contributor Author

Yep, just added that as separate commit to get the builds green.
Will rebase/remove once #3607 is merged

@nvollmar
Copy link
Contributor Author

rebased

c-po
c-po requested changes Jun 10, 2024
View reviewed changes
smoketest/scripts/cli/test_container.py Outdated Show resolved Hide resolved
@nvollmar nvollmar requested a review from c-po June 10, 2024 09:33
@c-po c-po merged commit eaf20bb into vyos:current Jun 10, 2024
9 checks passed
@c-po c-po mentioned this pull request Jun 10, 2024
Closed
12 tasks
@nvollmar nvollmar deleted the T6219 branch June 10, 2024 11:09
@nvollmar
Copy link
Contributor Author

@sever-sever would be great if that could be backported to Sagitta

@c-po
Copy link
Member

c-po commented Jun 11, 2024

@Mergifyio backport sagitta

@mergify Mergify
Copy link
Contributor

mergify bot commented Jun 11, 2024
edited
Loading

backport sagitta

✅ Backports have been created

This was referenced Jun 11, 2024
Merged
Merged
sever-sever pushed a commit that referenced this pull request Jun 11, 2024
@mergify @TGNThump @nvollmar
T6219: Add support for container sysctl parameter (backport #3614) (#…
682defd 
…3629)

* container: T6219: Add support for container sysctl / kernel parameters

(cherry picked from commit 717ea64)

* T6219: align with system sysctl and limit parameters to supported

(cherry picked from commit f030464)

---------

Co-authored-by: Ben Pilgrim <ben@pilgrim.me.uk>
Co-authored-by: Nicolas Vollmar <nvollmar@gmail.com>
@sever-sever
Copy link
Member

@Mergifyio backport circinus-stream sagitta-stream

@mergify Mergify
Copy link
Contributor

mergify bot commented Jun 11, 2024
edited
Loading

backport circinus-stream sagitta-stream

✅ Backports have been created

This was referenced Jun 11, 2024
Merged
Merged
c-po added a commit that referenced this pull request Jun 11, 2024
@c-po
Merge pull request #3630 from vyos/mergify/bp/circinus-stream/pr-3614
730bb8a 
T6219: Add support for container sysctl parameter (backport #3614)
c-po added a commit that referenced this pull request Jun 11, 2024
@c-po
Merge pull request #3631 from vyos/mergify/bp/sagitta-stream/pr-3614
2a1ceb6 
T6219: Add support for container sysctl parameter (backport #3614)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmbaturin dmbaturin dmbaturin approved these changes

@sever-sever sever-sever sever-sever approved these changes

@c-po c-po c-po approved these changes

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev is a code owner automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc is a code owner automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro is a code owner automatically assigned from vyos/reviewers

Assignees

@nvollmar nvollmar

Labels
backport current
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@nvollmar @sever-sever @c-po @dmbaturin @TGNThump