Merge pull request #100433 from Patryk27/fixes/38509
nixos/containers: allow containers with long names to create private networks
This commit is contained in:
commit
1624ae8a96
16 changed files with 86 additions and 63 deletions
|
@ -271,8 +271,8 @@ let
|
|||
DeviceAllow = map (d: "${d.node} ${d.modifier}") cfg.allowedDevices;
|
||||
};
|
||||
|
||||
|
||||
system = config.nixpkgs.localSystem.system;
|
||||
kernelVersion = config.boot.kernelPackages.kernel.version;
|
||||
|
||||
bindMountOpts = { name, ... }: {
|
||||
|
||||
|
@ -321,7 +321,6 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
|
||||
mkBindFlag = d:
|
||||
let flagPrefix = if d.isReadOnly then " --bind-ro=" else " --bind=";
|
||||
mountstr = if d.hostPath != null then "${d.hostPath}:${d.mountPoint}" else "${d.mountPoint}";
|
||||
|
@ -482,11 +481,16 @@ in
|
|||
networking.useDHCP = false;
|
||||
assertions = [
|
||||
{
|
||||
assertion = config.privateNetwork -> stringLength name < 12;
|
||||
assertion =
|
||||
(builtins.compareVersions kernelVersion "5.8" <= 0)
|
||||
-> config.privateNetwork
|
||||
-> stringLength name <= 11;
|
||||
message = ''
|
||||
Container name `${name}` is too long: When `privateNetwork` is enabled, container names can
|
||||
not be longer than 11 characters, because the container's interface name is derived from it.
|
||||
This might be fixed in the future. See https://github.com/NixOS/nixpkgs/issues/38509
|
||||
You should either make the container name shorter or upgrade to a more recent kernel that
|
||||
supports interface altnames (i.e. at least Linux 5.8 - please see https://github.com/NixOS/nixpkgs/issues/38509
|
||||
for details).
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
|
|
@ -72,6 +72,7 @@ in
|
|||
containers-imperative = handleTest ./containers-imperative.nix {};
|
||||
containers-ip = handleTest ./containers-ip.nix {};
|
||||
containers-macvlans = handleTest ./containers-macvlans.nix {};
|
||||
containers-names = handleTest ./containers-names.nix {};
|
||||
containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
|
||||
containers-portforward = handleTest ./containers-portforward.nix {};
|
||||
containers-reloadable = handleTest ./containers-reloadable.nix {};
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
let
|
||||
hostIp = "192.168.0.1";
|
||||
containerIp = "192.168.0.100/24";
|
||||
|
@ -7,10 +5,10 @@ let
|
|||
containerIp6 = "fc00::2/7";
|
||||
in
|
||||
|
||||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "containers-bridge";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ aristid aszlig eelco kampfschlaefer ];
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
|
||||
};
|
||||
|
||||
machine =
|
||||
|
|
|
@ -8,8 +8,8 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : let
|
|||
|
||||
in {
|
||||
name = "containers-custom-pkgs";
|
||||
meta = with lib.maintainers; {
|
||||
maintainers = [ adisbladis earvstedt ];
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ adisbladis earvstedt ];
|
||||
};
|
||||
|
||||
machine = { config, ... }: {
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "containers-ephemeral";
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ patryk27 ];
|
||||
};
|
||||
|
||||
machine = { pkgs, ... }: {
|
||||
virtualisation.memorySize = 768;
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "containers-extra_veth";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ kampfschlaefer ];
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ kampfschlaefer ];
|
||||
};
|
||||
|
||||
machine =
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "containers-hosts";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ montag451 ];
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ montag451 ];
|
||||
};
|
||||
|
||||
machine =
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "containers-imperative";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ aristid aszlig eelco kampfschlaefer ];
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
|
||||
};
|
||||
|
||||
machine =
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
let
|
||||
webserverFor = hostAddress: localAddress: {
|
||||
inherit hostAddress localAddress;
|
||||
|
@ -13,10 +11,10 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
in import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
in import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "containers-ipv4-ipv6";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ aristid aszlig eelco kampfschlaefer ];
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
|
||||
};
|
||||
|
||||
machine =
|
||||
|
|
|
@ -1,15 +1,13 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
let
|
||||
# containers IP on VLAN 1
|
||||
containerIp1 = "192.168.1.253";
|
||||
containerIp2 = "192.168.1.254";
|
||||
in
|
||||
|
||||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "containers-macvlans";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ montag451 ];
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ montag451 ];
|
||||
};
|
||||
|
||||
nodes = {
|
||||
|
|
37
nixos/tests/containers-names.nix
Normal file
37
nixos/tests/containers-names.nix
Normal file
|
@ -0,0 +1,37 @@
|
|||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "containers-names";
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ patryk27 ];
|
||||
};
|
||||
|
||||
machine = { ... }: {
|
||||
# We're using the newest kernel, so that we can test containers with long names.
|
||||
# Please see https://github.com/NixOS/nixpkgs/issues/38509 for details.
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
containers = let
|
||||
container = subnet: {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.${subnet}.1";
|
||||
localAddress = "192.168.${subnet}.2";
|
||||
config = { };
|
||||
};
|
||||
|
||||
in {
|
||||
first = container "1";
|
||||
second = container "2";
|
||||
really-long-name = container "3";
|
||||
really-long-long-name-2 = container "4";
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.wait_for_unit("default.target")
|
||||
|
||||
machine.succeed("ip link show | grep ve-first")
|
||||
machine.succeed("ip link show | grep ve-second")
|
||||
machine.succeed("ip link show | grep ve-really-lFYWO")
|
||||
machine.succeed("ip link show | grep ve-really-l3QgY")
|
||||
'';
|
||||
})
|
|
@ -1,8 +1,7 @@
|
|||
|
||||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "containers-physical_interfaces";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ kampfschlaefer ];
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ kampfschlaefer ];
|
||||
};
|
||||
|
||||
nodes = {
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
let
|
||||
hostIp = "192.168.0.1";
|
||||
hostPort = 10080;
|
||||
|
@ -7,10 +5,10 @@ let
|
|||
containerPort = 80;
|
||||
in
|
||||
|
||||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "containers-portforward";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ aristid aszlig eelco kampfschlaefer ianwookim ];
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ianwookim ];
|
||||
};
|
||||
|
||||
machine =
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
import ./make-test-python.nix ({ pkgs, lib, ... }:
|
||||
let
|
||||
client_base = {
|
||||
|
||||
containers.test1 = {
|
||||
autoStart = true;
|
||||
config = {
|
||||
|
@ -16,8 +15,8 @@ let
|
|||
};
|
||||
in {
|
||||
name = "containers-reloadable";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ danbst ];
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ danbst ];
|
||||
};
|
||||
|
||||
nodes = {
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
let
|
||||
client_base = {
|
||||
networking.firewall.enable = false;
|
||||
|
@ -16,11 +14,11 @@ let
|
|||
};
|
||||
};
|
||||
};
|
||||
in import ./make-test-python.nix ({ pkgs, ...} :
|
||||
in import ./make-test-python.nix ({ pkgs, lib, ... }:
|
||||
{
|
||||
name = "containers-restart_networking";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ kampfschlaefer ];
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ kampfschlaefer ];
|
||||
};
|
||||
|
||||
nodes = {
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "containers-tmpfs";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ ];
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ patryk27 ];
|
||||
};
|
||||
|
||||
machine =
|
||||
|
|
Loading…
Reference in a new issue