The option --dns, --dns-search, --dns-opt and --net=host should not be mutually exclusive.
This fix tries to address the issue raised in #21976 and allows the options of `--dns`, `--dns-search`, `--dns-opt` and `--net=host` to work at the same time. The documentation has been updated and additional tests have been added to cover this change. This fix fixes #21976. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This commit is contained in:
parent
29dbcbad87
commit
23821fe586
6 changed files with 79 additions and 8 deletions
|
@ -48,7 +48,11 @@ func (daemon *Daemon) buildSandboxOptions(container *container.Container, n libn
|
|||
if container.HostConfig.NetworkMode.IsHost() {
|
||||
sboxOptions = append(sboxOptions, libnetwork.OptionUseDefaultSandbox())
|
||||
sboxOptions = append(sboxOptions, libnetwork.OptionOriginHostsPath("/etc/hosts"))
|
||||
sboxOptions = append(sboxOptions, libnetwork.OptionOriginResolvConfPath("/etc/resolv.conf"))
|
||||
if len(container.HostConfig.DNS) == 0 && len(daemon.configStore.DNS) == 0 &&
|
||||
len(container.HostConfig.DNSSearch) == 0 && len(daemon.configStore.DNSSearch) == 0 &&
|
||||
len(container.HostConfig.DNSOptions) == 0 && len(daemon.configStore.DNSOptions) == 0 {
|
||||
sboxOptions = append(sboxOptions, libnetwork.OptionOriginResolvConfPath("/etc/resolv.conf"))
|
||||
}
|
||||
} else {
|
||||
// OptionUseExternalKey is mandatory for userns support.
|
||||
// But optional for non-userns support
|
||||
|
|
|
@ -382,11 +382,14 @@ name, they must be linked.
|
|||
With the network set to `host` a container will share the host's
|
||||
network stack and all interfaces from the host will be available to the
|
||||
container. The container's hostname will match the hostname on the host
|
||||
system. Note that `--add-host` `--dns` `--dns-search`
|
||||
`--dns-opt` and `--mac-address` are invalid in `host` netmode. Even in `host`
|
||||
system. Note that `--add-host` and `--mac-address` are invalid in `host` netmode. Even in `host`
|
||||
network mode a container has its own UTS namespace by default. As such
|
||||
`--hostname` is allowed in `host` network mode and will only change the
|
||||
hostname inside the container.
|
||||
Note also that `--dns`, `--dns-search` and `--dns-opt` are
|
||||
valid in `host` mode and `/etc/resolv.conf` will be updated accordingly. However, the
|
||||
update in `/etc/resolv.conf` only happens inside the container. No change will be
|
||||
made for `/etc/resolv.conf` in host.
|
||||
|
||||
Compared to the default `bridge` mode, the `host` mode gives *significantly*
|
||||
better networking performance since it uses the host's native networking stack
|
||||
|
|
|
@ -2332,3 +2332,39 @@ func (s *DockerDaemonSuite) TestBuildOnDisabledBridgeNetworkDaemon(c *check.C) {
|
|||
c.Assert(err, check.IsNil, comment)
|
||||
c.Assert(code, check.Equals, 0, comment)
|
||||
}
|
||||
|
||||
// Test case for #21976
|
||||
func (s *DockerDaemonSuite) TestDaemonDnsInHostMode(c *check.C) {
|
||||
testRequires(c, SameHostDaemon, DaemonIsLinux)
|
||||
|
||||
err := s.d.StartWithBusybox("--dns", "1.2.3.4")
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
expectedOutput := "nameserver 1.2.3.4"
|
||||
out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
|
||||
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
|
||||
}
|
||||
|
||||
// Test case for #21976
|
||||
func (s *DockerDaemonSuite) TestDaemonDnsSearchInHostMode(c *check.C) {
|
||||
testRequires(c, SameHostDaemon, DaemonIsLinux)
|
||||
|
||||
err := s.d.StartWithBusybox("--dns-search", "example.com")
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
expectedOutput := "search example.com"
|
||||
out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
|
||||
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
|
||||
}
|
||||
|
||||
// Test case for #21976
|
||||
func (s *DockerDaemonSuite) TestDaemonDnsOptionsInHostMode(c *check.C) {
|
||||
testRequires(c, SameHostDaemon, DaemonIsLinux)
|
||||
|
||||
err := s.d.StartWithBusybox("--dns-opt", "timeout:3")
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
expectedOutput := "options timeout:3"
|
||||
out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf")
|
||||
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
|
||||
}
|
||||
|
|
|
@ -67,10 +67,7 @@ func (s *DockerSuite) TestConflictContainerNetworkHostAndLinks(c *check.C) {
|
|||
func (s *DockerSuite) TestConflictNetworkModeNetHostAndOptions(c *check.C) {
|
||||
testRequires(c, DaemonIsLinux, NotUserNamespace)
|
||||
|
||||
out, _ := dockerCmdWithFail(c, "run", "--net=host", "--dns=8.8.8.8", "busybox", "ps")
|
||||
c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkAndDNS.Error())
|
||||
|
||||
out, _ = dockerCmdWithFail(c, "run", "--net=host", "--add-host=name:8.8.8.8", "busybox", "ps")
|
||||
out, _ := dockerCmdWithFail(c, "run", "--net=host", "--add-host=name:8.8.8.8", "busybox", "ps")
|
||||
c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkHosts.Error())
|
||||
|
||||
out, _ = dockerCmdWithFail(c, "run", "--net=host", "--mac-address=92:d0:c6:0a:29:33", "busybox", "ps")
|
||||
|
|
|
@ -4370,3 +4370,34 @@ func (s *DockerSuite) TestRunTooLongHostname(c *check.C) {
|
|||
|
||||
}
|
||||
}
|
||||
|
||||
// Test case for #21976
|
||||
func (s *DockerSuite) TestRunDnsInHostMode(c *check.C) {
|
||||
testRequires(c, DaemonIsLinux, NotUserNamespace)
|
||||
|
||||
expectedOutput := "nameserver 127.0.0.1"
|
||||
expectedWarning := "Localhost DNS setting"
|
||||
out, stderr, _ := dockerCmdWithStdoutStderr(c, "run", "--dns=127.0.0.1", "--net=host", "busybox", "cat", "/etc/resolv.conf")
|
||||
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
|
||||
c.Assert(stderr, checker.Contains, expectedWarning, check.Commentf("Expected warning on stderr about localhost resolver, but got %q", stderr))
|
||||
|
||||
expectedOutput = "nameserver 1.2.3.4"
|
||||
out, _ = dockerCmd(c, "run", "--dns=1.2.3.4", "--net=host", "busybox", "cat", "/etc/resolv.conf")
|
||||
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
|
||||
|
||||
expectedOutput = "search example.com"
|
||||
out, _ = dockerCmd(c, "run", "--dns-search=example.com", "--net=host", "busybox", "cat", "/etc/resolv.conf")
|
||||
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
|
||||
|
||||
expectedOutput = "options timeout:3"
|
||||
out, _ = dockerCmd(c, "run", "--dns-opt=timeout:3", "--net=host", "busybox", "cat", "/etc/resolv.conf")
|
||||
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out))
|
||||
|
||||
expectedOutput1 := "nameserver 1.2.3.4"
|
||||
expectedOutput2 := "search example.com"
|
||||
expectedOutput3 := "options timeout:3"
|
||||
out, _ = dockerCmd(c, "run", "--dns=1.2.3.4", "--dns-search=example.com", "--dns-opt=timeout:3", "--net=host", "busybox", "cat", "/etc/resolv.conf")
|
||||
c.Assert(out, checker.Contains, expectedOutput1, check.Commentf("Expected '%s', but got %q", expectedOutput1, out))
|
||||
c.Assert(out, checker.Contains, expectedOutput2, check.Commentf("Expected '%s', but got %q", expectedOutput2, out))
|
||||
c.Assert(out, checker.Contains, expectedOutput3, check.Commentf("Expected '%s', but got %q", expectedOutput3, out))
|
||||
}
|
||||
|
|
|
@ -52,7 +52,7 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
|
|||
return ErrConflictContainerNetworkAndLinks
|
||||
}
|
||||
|
||||
if (hc.NetworkMode.IsHost() || hc.NetworkMode.IsContainer()) && len(hc.DNS) > 0 {
|
||||
if hc.NetworkMode.IsContainer() && len(hc.DNS) > 0 {
|
||||
return ErrConflictNetworkAndDNS
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue