feature: cli support --add-host

Signed-off-by: Lang Chi <[email protected]>

Author: lang710

apis/server/container_bridge.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/alibaba/pouch/apis/metrics"
 	"github.com/alibaba/pouch/apis/types"
+	daemon_config "github.com/alibaba/pouch/daemon/config"
 	"github.com/alibaba/pouch/daemon/mgr"
 	"github.com/alibaba/pouch/pkg/httputils"
 	"github.com/alibaba/pouch/pkg/streams"
@@ -50,6 +51,11 @@ func (s *Server) createContainer(ctx context.Context, rw http.ResponseWriter, re
 		return httputils.NewHTTPError(err, http.StatusBadRequest)
 	}
 
+	// validate network settings
+	if err := daemon_config.ValidateNetMode(config); err != nil {
+		return httputils.NewHTTPError(err, http.StatusBadRequest)
+	}
+
 	name := req.FormValue("name")
 	//consider set specific id by url params
 	specificID := req.FormValue("specificId")

cli/common_flags.go

@@ -72,6 +72,7 @@ func addCommonFlags(flagSet *pflag.FlagSet) *container {
 	flagSet.StringVar(&c.ip, "ip", "", "Set IPv4 address of container endpoint")
 	flagSet.StringVar(&c.ipv6, "ip6", "", "Set IPv6 address of container endpoint")
 	flagSet.Int64Var(&c.netPriority, "net-priority", 0, "net priority")
+	flagSet.StringArrayVar(&c.extraHosts, "add-host", nil, "Add a custom host-to-IP mapping (host:ip)")
 	// dns
 	flagSet.StringArrayVar(&c.dns, "dns", nil, "Set DNS servers")
 	flagSet.StringSliceVar(&c.dnsOptions, "dns-option", nil, "Set DNS options")

cli/container.go

@@ -71,6 +71,7 @@ type container struct {
 	ipv6        string
 	macAddress  string
 	netPriority int64
+	extraHosts  []string
 	dns         []string
 	dnsOptions  []string
 	dnsSearch   []string
@@ -266,6 +267,7 @@ func (c *container) config() (*types.ContainerCreateConfig, error) {
 				Ulimits:       c.ulimit.Value(),
 				PidsLimit:     c.pidsLimit,
 			},
+			ExtraHosts:      c.extraHosts,
 			DNS:             c.dns,
 			DNSOptions:      c.dnsOptions,
 			DNSSearch:       c.dnsSearch,

daemon/config/config.go

@@ -30,6 +30,41 @@ const (
 	DefaultCgroupDriver = CgroupfsDriver
 )
 
+var (
+	// ErrConflictContainerNetworkAndLinks conflict between --net=container and links
+	ErrConflictContainerNetworkAndLinks = fmt.Errorf("Conflicting options: container type network can't be used with links. This would result in undefined behavior")
+	// ErrConflictUserDefinedNetworkAndLinks conflict between --net=<NETWORK> and links
+	ErrConflictUserDefinedNetworkAndLinks = fmt.Errorf("Conflicting options: networking can't be used with links. This would result in undefined behavior")
+	// ErrConflictSharedNetwork conflict between private and other networks
+	ErrConflictSharedNetwork = fmt.Errorf("Container sharing network namespace with another container or host cannot be connected to any other network")
+	// ErrConflictHostNetwork conflict from being disconnected from host network or connected to host network.
+	ErrConflictHostNetwork = fmt.Errorf("Container cannot be disconnected from host network or connected to host network")
+	// ErrConflictNoNetwork conflict between private and other networks
+	ErrConflictNoNetwork = fmt.Errorf("Container cannot be connected to multiple networks with one of the networks in private (none) mode")
+	// ErrConflictNetworkAndDNS conflict between --dns and the network mode
+	ErrConflictNetworkAndDNS = fmt.Errorf("Conflicting options: dns and the network mode")
+	// ErrConflictNetworkHostname conflict between the hostname and the network mode
+	ErrConflictNetworkHostname = fmt.Errorf("Conflicting options: hostname and the network mode")
+	// ErrConflictHostNetworkAndLinks conflict between --net=host and links
+	ErrConflictHostNetworkAndLinks = fmt.Errorf("Conflicting options: host type networking can't be used with links. This would result in undefined behavior")
+	// ErrConflictContainerNetworkAndMac conflict between the mac address and the network mode
+	ErrConflictContainerNetworkAndMac = fmt.Errorf("Conflicting options: mac-address and the network mode")
+	// ErrConflictNetworkHosts conflict between add-host and the network mode
+	ErrConflictNetworkHosts = fmt.Errorf("Conflicting options: custom host-to-IP mapping and the network mode")
+	// ErrConflictNetworkPublishPorts conflict between the publish options and the network mode
+	ErrConflictNetworkPublishPorts = fmt.Errorf("Conflicting options: port publishing and the container type network mode")
+	// ErrConflictNetworkExposePorts conflict between the expose option and the network mode
+	ErrConflictNetworkExposePorts = fmt.Errorf("Conflicting options: port exposing and the container type network mode")
+	// ErrUnsupportedNetworkAndIP conflict between network mode and requested ip address
+	ErrUnsupportedNetworkAndIP = fmt.Errorf("User specified IP address is supported on user defined networks only")
+	// ErrUnsupportedNetworkNoSubnetAndIP conflict between network with no configured subnet and requested ip address
+	ErrUnsupportedNetworkNoSubnetAndIP = fmt.Errorf("User specified IP address is supported only when connecting to networks with user configured subnets")
+	// ErrUnsupportedNetworkAndAlias conflict between network mode and alias
+	ErrUnsupportedNetworkAndAlias = fmt.Errorf("Network-scoped alias is supported only for containers in user defined networks")
+	// ErrConflictUTSHostname conflict between the hostname and the UTS mode
+	ErrConflictUTSHostname = fmt.Errorf("Conflicting options: hostname and the UTS mode")
+)
+
 // Config refers to daemon's whole configurations.
 type Config struct {
 	sync.Mutex `json:"-"`
@@ -308,3 +343,62 @@ func validateCgroupDriver(driver string) error {
 
 	return fmt.Errorf("invalid cgroup driver: %s, valid driver is cgroupfs or systemd", driver)
 }
+
+// ValidateNetMode ensures that the various combinations of requested
+// network settings are valid.
+func ValidateNetMode(config *types.ContainerCreateConfig) error {
+	c := config.ContainerConfig
+	hc := config.HostConfig
+	if hc == nil {
+		return nil
+	}
+	parts := strings.Split(string(hc.NetworkMode), ":")
+	if parts[0] == "container" {
+		if len(parts) < 2 || parts[1] == "" {
+			return fmt.Errorf("--net: invalid net mode: invalid container format container:<name|id>")
+		}
+
+		if c.Hostname != "" {
+			return ErrConflictNetworkHostname
+		}
+
+		if len(hc.Links) > 0 {
+			return ErrConflictContainerNetworkAndLinks
+		}
+
+		if len(hc.DNS) > 0 {
+			return ErrConflictNetworkAndDNS
+		}
+
+		if len(hc.ExtraHosts) > 0 {
+			return ErrConflictNetworkHosts
+		}
+
+		if c.MacAddress != "" {
+			return ErrConflictContainerNetworkAndMac
+		}
+
+		if len(hc.PortBindings) > 0 || hc.PublishAllPorts == true {
+			return ErrConflictNetworkPublishPorts
+		}
+
+		if len(c.ExposedPorts) > 0 {
+			return ErrConflictNetworkExposePorts
+		}
+	}
+
+	if hc.UTSMode == "host" && c.Hostname != "" {
+		return ErrConflictUTSHostname
+	}
+
+	if hc.NetworkMode == "host" {
+		if len(hc.Links) > 0 {
+			return ErrConflictHostNetworkAndLinks
+		}
+
+		if c.MacAddress != "" {
+			return ErrConflictContainerNetworkAndMac
+		}
+	}
+	return nil
+}

daemon/mgr/network.go

@@ -695,6 +695,13 @@ func buildSandboxOptions(config network.Config, endpoint *types.Endpoint) ([]lib
 
 	// TODO: secondary ip address
 	// TODO: parse extra hosts
+	for _, extraHost := range endpoint.ExtraHosts {
+		// allow IPv6 addresses in extra hosts; only split on first ":"
+		parts := strings.SplitN(extraHost, ":", 2)
+		fmt.Printf("\nparts[0]: %s, \n parts[1]: %s\n", parts[0], parts[1])
+		sandboxOptions = append(sandboxOptions, libnetwork.OptionExtraHost(parts[0], parts[1]))
+	}
+
 	var bindings = make(nat.PortMap)
 	if endpoint.PortBindings != nil {
 		for p, b := range endpoint.PortBindings {

test/cli_run_network_test.go

@@ -122,3 +122,32 @@ func (suite *PouchRunNetworkSuite) TestRunWithIP(c *check.C) {
 
 	c.Assert(found, check.Equals, true)
 }
+
+// TestRunAddHost is to verify run container with add-host flag
+func (suite *PouchRunNetworkSuite) TestRunAddHost(c *check.C) {
+	res := command.PouchRun("run", "--add-host=extra:86.75.30.9", "busybox", "grep", "extra", "/etc/hosts")
+	res.Assert(c, icmd.Success)
+
+	stdout := res.Stdout()
+	actual := strings.Trim(stdout, "\r\n")
+	if !strings.Contains(actual, "86.75.30.9\textra") {
+		c.Fatalf("expected '86.75.30.9\textra', but says: %q", actual)
+	}
+}
+
+func (suite *PouchRunNetworkSuite) TestRunAddHostInHostMode(c *check.C) {
+	expectedOutput := "1.2.3.4\textra"
+	res := command.PouchRun("run", "--add-host=extra:1.2.3.4", "--net=host", "busybox", "cat", "/etc/hosts")
+	res.Assert(c, icmd.Success)
+	if !strings.Contains(res.Stdout(), expectedOutput) {
+		check.Commentf("Expected '%s', but got %q", expectedOutput, res.Stdout())
+	}
+}
+
+func (suite *PouchRunNetworkSuite) TestConflictNetworkModeAndOptions(c *check.C) {
+	conflictOutput := "Conflicting options: custom host-to-IP mapping and the network mode"
+	res := command.PouchRun("run", "--net=container:other", "--add-host=name:8.8.8.8", "busybox", "ps")
+	if !strings.Contains(res.Stdout(), conflictOutput) {
+		check.Commentf("Expected '%s', but got %q", conflictOutput, res.Stdout())
+	}
+}