Linux Network Devices #4538
Linux Network Devices #4538
Conversation
aojea
force-pushed
the
netdevices
branch
2 times, most recently
from
bdb31c1 to
0b771ca
Compare
aojea
force-pushed
the
netdevices
branch
2 times, most recently
from
07d3b0b to
3833056
Compare
aojea
force-pushed
the
netdevices
branch
2 times, most recently
from
67f12e0 to
d114afe
Compare
aojea
force-pushed
the
netdevices
branch
2 times, most recently
from
ec90a02 to
f4f5d02
Compare
aojea
force-pushed
the
netdevices
branch
2 times, most recently
from
735f9d5 to
ce1f612
Compare
aojea
force-pushed
the
netdevices
branch
4 times, most recently
from
6262c5e to
c530772
Compare
aojea
force-pushed
the
netdevices
branch
5 times, most recently
from
4380e86 to
f53d263
Compare
|
@aojea friendly reminder that this should be ready soon, we are cutting 1.3.0-rc.1 soon (maybe this week). The spec part is still not sure when it will be merged? |
diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats
index 3db34061..7608e4ff 100644
--- a/tests/integration/checkpoint.bats
+++ b/tests/integration/checkpoint.bats
@@ -2,14 +2,34 @@
load helpers
+function create_netns() {
+ # Create a temporary name for the test network namespace.
+ tmp=$(mktemp -u)
+ ns_name=$(basename "$tmp")
+
+ # Create the network namespace.
+ ip netns add "$ns_name"
+ ns_path=$(ip netns add "$ns_name" 2>&1 | sed -e 's/.*"\(.*\)".*/\1/')
+}
+
+function delete_netns() {
+ # Delete the namespace only if the ns_name variable is set.
+ [ -v ns_name ] && ip netns del "$ns_name"
+}
+
function setup() {
# XXX: currently criu require root containers.
requires criu root
setup_busybox
+
+ # Create a dummy interface to move to the container.
+ ip link add dummy0 type dummy
}
function teardown() {
+ ip link del dev dummy0
+ delete_netns
teardown_bundle
}
@@ -100,10 +120,16 @@ function runc_restore_with_pipes() {
}
function simple_cr() {
+ # Tell runc which network namespace to use.
+ # create_netns
+ # update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"'
+ update_config ' .linux.netDevices |= {"dummy0": {} }'
runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox running
+ runc exec test_busybox ip address show dev dummy0
+ [ "$status" -eq 0 ]
for _ in $(seq 2); do
# checkpoint the running container
@@ -119,6 +145,8 @@ function simple_cr() {
# busybox should be back up and running
testcontainer test_busybox running
+ runc exec test_busybox ip address show dev dummy0
+ [ "$status" -eq 0 ]
done
} |
|
@lifubang at the cost of duplicating code but to improve test errors troubleshooting I duplicated the test cases so we can have simple_cr and simple_cr_with_netdevice, if there is a problem with the netdevice logic then we can spot it very easy since will only affect ones and no the others |
|
failed job with
|
@alexellis May I ask your help here, is there some special changes cause we can't use It seems that the failure occurred from 4 days ago. Please see: https://github.com/opencontainers/runc/actions/runs/15232466902/job/42841958687 The other solution is to change |
|
The rootless test on the arm64 architecture continues to fail, opened a new issue to track: #4776. |
|
Hi @lifubang happy to help but, we do not provide any support for actuated via GitHub - only by Slack. I've only just seen these mentions.
That sounds like a better solution. I always prefer 127.0.0.1 over "localhost" - especially on systems with IPv6.. sometimes those resolutions will hang indefinitely. I can't think of a reason why localhost wouldn't resolve off the top of my head, but you can explore the VM image in an SSH session and poke around. That's the best way - access it here - https://docs.actuated.com/tasks/debug-ssh/ You can also create a dummy repo and job and run a command like Support for rootless containers is built into the Kernel, are there any specific Alex |
|
What is the context in which this command is being run? On the host directly, in a container? There is no entry in Can you try a test in your build of adding Perhaps conditionally if needed? Something like this should work - name: Add entry to hosts
if: ${{ runner.arch != 'ARM64' }}
run: |
echo "127.0.0.1 localhost" | sudo tee /etc/hostsIf I had Seems like you should be more explicit - if you have only bound SSH to 127.0.0.1 over IPv4 - the default is to resolve to the IPv6 loopback, so your workaround is probably the correct solution |
|
Thanks, @alexellis! |
| ip address add "$global_ip" dev dummy0 | ||
|
|
||
| # Tell runc which network namespace to use. | ||
| create_netns |
There was a problem hiding this comment.
If we only use the network namespace created by runc, this test will fail.
I think maybe there is no such scenario, so we can let it to be implemented in the future if someone needs it.
There was a problem hiding this comment.
@lifubang can you elaborate? How do you expect this to fail exactly? Also, tests are green, is that unexpected?
There was a problem hiding this comment.
@rata Please see:
#4538 (comment)
It's all about the netns managed only by runc, not managed by the high-level container runtimes.
It means that we didn't specific the net ns path in config.json.
|
I've put 127.0.0.1 first in /etc/hosts so if you'd still like to use |
Thanks, Alex. It's indeed work now, but very strange, I can't see your mentioned change: And I see the sshd_config, the config about listener looks like this: So, maybe the ssh listened on all ipv4 and ipv6 now? |
Signed-off-by: Antonio Ojea <[email protected]>
Signed-off-by: Antonio Ojea <[email protected]>
Implement support for passing Linux Network Devices to the container network namespace. The network device is passed during the creation of the container, before the process is started. It implements the logic defined in the OCI runtime specification. Signed-off-by: Antonio Ojea <[email protected]>
|
kindly reminder @rata and/or @kolyshkin 😄 |
does not look related |
|
Yeap, doesn't seem related. I'm triggered a re-run |
There was a problem hiding this comment.
@aojea Thanks for the PR and the patience with the reviews. LGTM :)
Sorry for the late review, I was AFK.
I'll wait for @lifubang to comment on my question (or if @kolyshkin wants to have a look). I'll aim to merge tomorrow, unless @lifubang opposes. Worst case, we can improve it in a follow-up. Can I count on you @aojea if it's needed? :)
| ip address add "$global_ip" dev dummy0 | ||
|
|
||
| # Tell runc which network namespace to use. | ||
| create_netns |
There was a problem hiding this comment.
@lifubang can you elaborate? How do you expect this to fail exactly? Also, tests are green, is that unexpected?
|
thank you very much folks |
Implementation of opencontainers/runtime-spec#1271
It implements the new proposal to the OCI spec to be able to specify Network Devices that get attached
detachedfrom the containers (updated to match the merged proposal opencontainers/runtime-spec#1271)