Merge pull request #100433 from Patryk27/fixes/38509

nixos/containers: allow containers with long names to create private networks
This commit is contained in:
Florian Klink 2021-02-26 21:35:07 +01:00 committed by GitHub
commit 1624ae8a96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 86 additions and 63 deletions


@ -271,8 +271,8 @@ let
DeviceAllow = map (d: "${d.node} ${d.modifier}") cfg.allowedDevices;
};
system = config.nixpkgs.localSystem.system;
kernelVersion = config.boot.kernelPackages.kernel.version;
bindMountOpts = { name, ... }: {
@ -321,7 +321,6 @@ let
};
};
mkBindFlag = d:
let flagPrefix = if d.isReadOnly then " --bind-ro=" else " --bind=";
mountstr = if d.hostPath != null then "${d.hostPath}:${d.mountPoint}" else "${d.mountPoint}";
@ -482,11 +481,16 @@ in
networking.useDHCP = false;
assertions = [
{
assertion = config.privateNetwork -> stringLength name < 12;
assertion =
(builtins.compareVersions kernelVersion "5.8" <= 0)
-> config.privateNetwork
-> stringLength name <= 11;
message = ''
Container name `${name}` is too long: When `privateNetwork` is enabled, container names can
not be longer than 11 characters, because the container's interface name is derived from it.
This might be fixed in the future. See https://github.com/NixOS/nixpkgs/issues/38509
You should either make the container name shorter or upgrade to a more recent kernel that
supports interface altnames (i.e. at least Linux 5.8 - please see https://github.com/NixOS/nixpkgs/issues/38509
for details).
'';
}
];
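Review bot: The new condition and the message disagree at the boundary: `(builtins.compareVersions kernelVersion "5.8" <= 0)` still enforces the 11-character limit on a kernel that is exactly 5.8, while the message tells the user that "at least Linux 5.8" lifts it, so someone on 5.8 gets a message that contradicts the check that just fired. If 5.8 is the first release with altname support, the test should be strict, `(builtins.compareVersions kernelVersion "5.8" < 0)`; if 5.8 is in fact still affected, the message should say "newer than 5.8" instead. `kernelVersion` is read from the host configuration's `boot.kernelPackages`, which is presumably the intended source because the containers run on the host kernel, but a short comment on the assertion would save the next reader from checking, e.g. `# Containers use the host kernel, so the host kernel version decides whether long interface names are supported.` The `assertions` list belongs to a module whose definition begins outside this hunk.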


@ -72,6 +72,7 @@ in
containers-imperative = handleTest ./containers-imperative.nix {};
containers-ip = handleTest ./containers-ip.nix {};
containers-macvlans = handleTest ./containers-macvlans.nix {};
containers-names = handleTest ./containers-names.nix {};
containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
containers-portforward = handleTest ./containers-portforward.nix {};
containers-reloadable = handleTest ./containers-reloadable.nix {};


@ -1,5 +1,3 @@
# Test for NixOS' container support.
let
hostIp = "192.168.0.1";
containerIp = "192.168.0.100/24";
@ -7,10 +5,10 @@ let
containerIp6 = "fc00::2/7";
in
import ./make-test-python.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "containers-bridge";
meta = with pkgs.lib.maintainers; {
maintainers = [ aristid aszlig eelco kampfschlaefer ];
meta = {
maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
};
machine =


@ -8,8 +8,8 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : let
in {
name = "containers-custom-pkgs";
meta = with lib.maintainers; {
maintainers = [ adisbladis earvstedt ];
meta = {
maintainers = with lib.maintainers; [ adisbladis earvstedt ];
};
machine = { config, ... }: {


@ -1,7 +1,8 @@
# Test for NixOS' container support.
import ./make-test-python.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "containers-ephemeral";
meta = {
maintainers = with lib.maintainers; [ patryk27 ];
};
machine = { pkgs, ... }: {
virtualisation.memorySize = 768;


@ -1,9 +1,7 @@
# Test for NixOS' container support.
import ./make-test-python.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "containers-extra_veth";
meta = with pkgs.lib.maintainers; {
maintainers = [ kampfschlaefer ];
meta = {
maintainers = with lib.maintainers; [ kampfschlaefer ];
};
machine =


@ -1,9 +1,7 @@
# Test for NixOS' container support.
import ./make-test-python.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "containers-hosts";
meta = with pkgs.lib.maintainers; {
maintainers = [ montag451 ];
meta = {
maintainers = with lib.maintainers; [ montag451 ];
};
machine =


@ -1,9 +1,7 @@
# Test for NixOS' container support.
import ./make-test-python.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "containers-imperative";
meta = with pkgs.lib.maintainers; {
maintainers = [ aristid aszlig eelco kampfschlaefer ];
meta = {
maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
};
machine =


@ -1,5 +1,3 @@
# Test for NixOS' container support.
let
webserverFor = hostAddress: localAddress: {
inherit hostAddress localAddress;
@ -13,10 +11,10 @@ let
};
};
in import ./make-test-python.nix ({ pkgs, ...} : {
in import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "containers-ipv4-ipv6";
meta = with pkgs.lib.maintainers; {
maintainers = [ aristid aszlig eelco kampfschlaefer ];
meta = {
maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
};
machine =


@ -1,15 +1,13 @@
# Test for NixOS' container support.
let
# containers IP on VLAN 1
containerIp1 = "192.168.1.253";
containerIp2 = "192.168.1.254";
in
import ./make-test-python.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "containers-macvlans";
meta = with pkgs.lib.maintainers; {
maintainers = [ montag451 ];
meta = {
maintainers = with lib.maintainers; [ montag451 ];
};
nodes = {


@ -0,0 +1,37 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "containers-names";
meta = {
maintainers = with lib.maintainers; [ patryk27 ];
};
machine = { ... }: {
# We're using the newest kernel, so that we can test containers with long names.
# Please see https://github.com/NixOS/nixpkgs/issues/38509 for details.
boot.kernelPackages = pkgs.linuxPackages_latest;
containers = let
container = subnet: {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.${subnet}.1";
localAddress = "192.168.${subnet}.2";
config = { };
};
in {
first = container "1";
second = container "2";
really-long-name = container "3";
really-long-long-name-2 = container "4";
};
};
testScript = ''
machine.wait_for_unit("default.target")
machine.succeed("ip link show | grep ve-first")
machine.succeed("ip link show | grep ve-second")
machine.succeed("ip link show | grep ve-really-lFYWO")
machine.succeed("ip link show | grep ve-really-l3QgY")
'';
})
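Review bot: The expectations `ve-really-lFYWO` and `ve-really-l3QgY` on the last two `machine.succeed` lines hard-code truncation suffixes without saying where they come from; the code that derives them is not in this file, so a failure here cannot be told apart from a deliberate change of the naming scheme. A comment above `testScript` such as `# The interface names for the two long container names appear to be truncated and suffixed by the containers module; keep the expected suffixes in sync with that derivation.` would make the coupling explicit. The `ip link show | grep ve-first` form also passes on any interface whose name merely contains the substring, so `machine.succeed("ip link show ve-first")`, which fails when the device does not exist, is the tighter check for the first two lines. Because the machine pins `pkgs.linuxPackages_latest`, only the new-kernel path is exercised here; the old-kernel assertion path is not covered by this test.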


@ -1,8 +1,7 @@
import ./make-test-python.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "containers-physical_interfaces";
meta = with pkgs.lib.maintainers; {
maintainers = [ kampfschlaefer ];
meta = {
maintainers = with lib.maintainers; [ kampfschlaefer ];
};
nodes = {


@ -1,5 +1,3 @@
# Test for NixOS' container support.
let
hostIp = "192.168.0.1";
hostPort = 10080;
@ -7,10 +5,10 @@ let
containerPort = 80;
in
import ./make-test-python.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "containers-portforward";
meta = with pkgs.lib.maintainers; {
maintainers = [ aristid aszlig eelco kampfschlaefer ianwookim ];
meta = {
maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ianwookim ];
};
machine =


@ -1,7 +1,6 @@
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
client_base = {
containers.test1 = {
autoStart = true;
config = {
@ -16,8 +15,8 @@ let
};
in {
name = "containers-reloadable";
meta = with pkgs.lib.maintainers; {
maintainers = [ danbst ];
meta = {
maintainers = with lib.maintainers; [ danbst ];
};
nodes = {


@ -1,5 +1,3 @@
# Test for NixOS' container support.
let
client_base = {
networking.firewall.enable = false;
@ -16,11 +14,11 @@ let
};
};
};
in import ./make-test-python.nix ({ pkgs, ...} :
in import ./make-test-python.nix ({ pkgs, lib, ... }:
{
name = "containers-restart_networking";
meta = with pkgs.lib.maintainers; {
maintainers = [ kampfschlaefer ];
meta = {
maintainers = with lib.maintainers; [ kampfschlaefer ];
};
nodes = {


@ -1,9 +1,7 @@
# Test for NixOS' container support.
import ./make-test-python.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "containers-tmpfs";
meta = with pkgs.lib.maintainers; {
maintainers = [ ];
meta = {
maintainers = with lib.maintainers; [ patryk27 ];
};
machine =