The option --dns, --dns-search, --dns-opt and --net=host should not be mutually exclusive.

This fix tries to address the issue raised in #21976 and allows
the options of `--dns`, `--dns-search`, `--dns-opt` and `--net=host`
to work at the same time.

The documentation has been updated and additional tests have been
added to cover this change.

This fix fixes #21976.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This commit is contained in:
Yong Tang 2016-04-28 22:46:57 -07:00
parent 29dbcbad87
commit 23821fe586
6 changed files with 79 additions and 8 deletions

View file

@ -48,7 +48,11 @@ func (daemon *Daemon) buildSandboxOptions(container *container.Container, n libn
if container.HostConfig.NetworkMode.IsHost() {
sboxOptions = append(sboxOptions, libnetwork.OptionUseDefaultSandbox())
sboxOptions = append(sboxOptions, libnetwork.OptionOriginHostsPath("/etc/hosts"))
sboxOptions = append(sboxOptions, libnetwork.OptionOriginResolvConfPath("/etc/resolv.conf"))
if len(container.HostConfig.DNS) == 0 && len(daemon.configStore.DNS) == 0 &&
len(container.HostConfig.DNSSearch) == 0 && len(daemon.configStore.DNSSearch) == 0 &&
len(container.HostConfig.DNSOptions) == 0 && len(daemon.configStore.DNSOptions) == 0 {
sboxOptions = append(sboxOptions, libnetwork.OptionOriginResolvConfPath("/etc/resolv.conf"))
}
} else {
// OptionUseExternalKey is mandatory for userns support.
// But optional for non-userns support

View file

@ -382,11 +382,14 @@ name, they must be linked.
With the network set to `host` a container will share the host's
network stack and all interfaces from the host will be available to the
container. The container's hostname will match the hostname on the host
system. Note that `--add-host` `--dns` `--dns-search`
`--dns-opt` and `--mac-address` are invalid in `host` netmode. Even in `host`
system. Note that `--add-host` and `--mac-address` are invalid in `host` netmode. Even in `host`
network mode a container has its own UTS namespace by default. As such
`--hostname` is allowed in `host` network mode and will only change the
hostname inside the container.
Note also that `--dns`, `--dns-search` and `--dns-opt` are
valid in `host` mode and `/etc/resolv.conf` will be updated accordingly. However, the
update in `/etc/resolv.conf` only happens inside the container. No change will be
made for `/etc/resolv.conf` in host.
Compared to the default `bridge` mode, the `host` mode gives *significantly*
better networking performance since it uses the host's native networking stack

View file

@ -2332,3 +2332,39 @@ func (s *DockerDaemonSuite) TestBuildOnDisabledBridgeNetworkDaemon(c *check.C) {
c.Assert(err, check.IsNil, comment)
c.Assert(code, check.Equals, 0, comment)
}
// Test case for #21976
func (s *DockerDaemonSuite) TestDaemonDnsInHostMode(c *check.C) {
testRequires(c, SameHostDaemon, DaemonIsLinux)
err := s.d.StartWithBusybox("--dns", "1.2.3.4")
c.Assert(err, checker.IsNil)
expectedOutput := "nameserver 1.2.3.4"
out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
}
// Test case for #21976
func (s *DockerDaemonSuite) TestDaemonDnsSearchInHostMode(c *check.C) {
testRequires(c, SameHostDaemon, DaemonIsLinux)
err := s.d.StartWithBusybox("--dns-search", "example.com")
c.Assert(err, checker.IsNil)
expectedOutput := "search example.com"
out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
}
// Test case for #21976
func (s *DockerDaemonSuite) TestDaemonDnsOptionsInHostMode(c *check.C) {
testRequires(c, SameHostDaemon, DaemonIsLinux)
err := s.d.StartWithBusybox("--dns-opt", "timeout:3")
c.Assert(err, checker.IsNil)
expectedOutput := "options timeout:3"
out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
}

View file

@ -67,10 +67,7 @@ func (s *DockerSuite) TestConflictContainerNetworkHostAndLinks(c *check.C) {
func (s *DockerSuite) TestConflictNetworkModeNetHostAndOptions(c *check.C) {
testRequires(c, DaemonIsLinux, NotUserNamespace)
out, _ := dockerCmdWithFail(c, "run", "--net=host", "--dns=8.8.8.8", "busybox", "ps")
c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkAndDNS.Error())
out, _ = dockerCmdWithFail(c, "run", "--net=host", "--add-host=name:8.8.8.8", "busybox", "ps")
out, _ := dockerCmdWithFail(c, "run", "--net=host", "--add-host=name:8.8.8.8", "busybox", "ps")
c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkHosts.Error())
out, _ = dockerCmdWithFail(c, "run", "--net=host", "--mac-address=92:d0:c6:0a:29:33", "busybox", "ps")

View file

@ -4370,3 +4370,34 @@ func (s *DockerSuite) TestRunTooLongHostname(c *check.C) {
}
}
// Test case for #21976
func (s *DockerSuite) TestRunDnsInHostMode(c *check.C) {
testRequires(c, DaemonIsLinux, NotUserNamespace)
expectedOutput := "nameserver 127.0.0.1"
expectedWarning := "Localhost DNS setting"
out, stderr, _ := dockerCmdWithStdoutStderr(c, "run", "--dns=127.0.0.1", "--net=host", "busybox", "cat", "/etc/resolv.conf")
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
c.Assert(stderr, checker.Contains, expectedWarning, check.Commentf("Expected warning on stderr about localhost resolver, but got %q", stderr))
expectedOutput = "nameserver 1.2.3.4"
out, _ = dockerCmd(c, "run", "--dns=1.2.3.4", "--net=host", "busybox", "cat", "/etc/resolv.conf")
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
expectedOutput = "search example.com"
out, _ = dockerCmd(c, "run", "--dns-search=example.com", "--net=host", "busybox", "cat", "/etc/resolv.conf")
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
expectedOutput = "options timeout:3"
out, _ = dockerCmd(c, "run", "--dns-opt=timeout:3", "--net=host", "busybox", "cat", "/etc/resolv.conf")
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
expectedOutput1 := "nameserver 1.2.3.4"
expectedOutput2 := "search example.com"
expectedOutput3 := "options timeout:3"
out, _ = dockerCmd(c, "run", "--dns=1.2.3.4", "--dns-search=example.com", "--dns-opt=timeout:3", "--net=host", "busybox", "cat", "/etc/resolv.conf")
c.Assert(out, checker.Contains, expectedOutput1, check.Commentf("Expected '%s', but got %q", expectedOutput1, out))
c.Assert(out, checker.Contains, expectedOutput2, check.Commentf("Expected '%s', but got %q", expectedOutput2, out))
c.Assert(out, checker.Contains, expectedOutput3, check.Commentf("Expected '%s', but got %q", expectedOutput3, out))
}

View file

@ -52,7 +52,7 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
return ErrConflictContainerNetworkAndLinks
}
if (hc.NetworkMode.IsHost() || hc.NetworkMode.IsContainer()) && len(hc.DNS) > 0 {
if hc.NetworkMode.IsContainer() && len(hc.DNS) > 0 {
return ErrConflictNetworkAndDNS
}