github.com/hanks177/podman/v4@v4.1.3-0.20220613032544-16d90015bc83/test/e2e/run_networking_test.go (about) 1 package integration 2 3 import ( 4 "fmt" 5 "net" 6 "os" 7 "strings" 8 "syscall" 9 10 "github.com/containernetworking/plugins/pkg/ns" 11 . "github.com/hanks177/podman/v4/test/utils" 12 "github.com/containers/storage/pkg/stringid" 13 . "github.com/onsi/ginkgo" 14 . "github.com/onsi/gomega" 15 . "github.com/onsi/gomega/gexec" 16 "github.com/uber/jaeger-client-go/utils" 17 "github.com/vishvananda/netlink" 18 ) 19 20 var _ = Describe("Podman run networking", func() { 21 var ( 22 tempdir string 23 err error 24 podmanTest *PodmanTestIntegration 25 hostname, _ = os.Hostname() 26 ) 27 28 BeforeEach(func() { 29 tempdir, err = CreateTempDirInTempDir() 30 if err != nil { 31 os.Exit(1) 32 } 33 podmanTest = PodmanTestCreate(tempdir) 34 podmanTest.Setup() 35 }) 36 37 AfterEach(func() { 38 podmanTest.Cleanup() 39 f := CurrentGinkgoTestDescription() 40 processTestResult(f) 41 42 }) 43 44 It("podman run network connection with default bridge", func() { 45 session := podmanTest.Podman([]string{"run", "-dt", ALPINE, "wget", "www.podman.io"}) 46 session.Wait(90) 47 Expect(session).Should(Exit(0)) 48 }) 49 50 It("podman run network connection with host", func() { 51 session := podmanTest.Podman([]string{"run", "-dt", "--network", "host", ALPINE, "wget", "www.podman.io"}) 52 session.Wait(90) 53 Expect(session).Should(Exit(0)) 54 }) 55 56 It("podman run network connection with default", func() { 57 session := podmanTest.Podman([]string{"run", "--network", "default", ALPINE, "wget", "www.podman.io"}) 58 session.WaitWithDefaultTimeout() 59 Expect(session).Should(Exit(0)) 60 }) 61 62 It("podman run network connection with none", func() { 63 session := podmanTest.Podman([]string{"run", "--network", "none", ALPINE, "wget", "www.podman.io"}) 64 session.WaitWithDefaultTimeout() 65 Expect(session).Should(Exit(1)) 66 Expect(session.ErrorToString()).To(ContainSubstring("wget: bad address 'www.podman.io'")) 67 }) 68 69 It("podman run network connection with private", func() { 70 session := podmanTest.Podman([]string{"run", "--network", "private", ALPINE, "wget", "www.podman.io"}) 71 session.WaitWithDefaultTimeout() 72 Expect(session).Should(Exit(0)) 73 }) 74 75 It("podman run network connection with loopback", func() { 76 session := podmanTest.Podman([]string{"run", "--network", "host", ALPINE, "wget", "www.podman.io"}) 77 session.WaitWithDefaultTimeout() 78 Expect(session).Should(Exit(0)) 79 }) 80 81 It("podman run network expose port 222", func() { 82 SkipIfRootless("iptables is not supported for rootless users") 83 session := podmanTest.Podman([]string{"run", "-dt", "--expose", "222-223", "-P", ALPINE, "/bin/sh"}) 84 session.WaitWithDefaultTimeout() 85 Expect(session).Should(Exit(0)) 86 results := SystemExec("iptables", []string{"-t", "nat", "-nvL"}) 87 Expect(results).Should(Exit(0)) 88 Expect(results.OutputToString()).To(ContainSubstring("222")) 89 Expect(results.OutputToString()).To(ContainSubstring("223")) 90 }) 91 92 It("podman run -p 80", func() { 93 name := "testctr" 94 session := podmanTest.Podman([]string{"create", "-t", "-p", "80", "--name", name, ALPINE, "/bin/sh"}) 95 session.WaitWithDefaultTimeout() 96 inspectOut := podmanTest.InspectContainer(name) 97 Expect(inspectOut).To(HaveLen(1)) 98 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 99 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1)) 100 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80"))) 101 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "")) 102 }) 103 104 It("podman run -p 80-82 -p 8090:8090", func() { 105 name := "testctr" 106 session := podmanTest.Podman([]string{"create", "-t", "-p", "80-82", "-p", "8090:8090", "--name", name, ALPINE, "/bin/sh"}) 107 session.WaitWithDefaultTimeout() 108 inspectOut := podmanTest.InspectContainer(name) 109 Expect(inspectOut).To(HaveLen(1)) 110 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(4)) 111 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1)) 112 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80"))) 113 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "")) 114 Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"]).To(HaveLen(1)) 115 Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"][0].HostPort).To(Not(Equal("81"))) 116 Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"][0]).To(HaveField("HostIP", "")) 117 Expect(inspectOut[0].NetworkSettings.Ports["82/tcp"]).To(HaveLen(1)) 118 Expect(inspectOut[0].NetworkSettings.Ports["82/tcp"][0].HostPort).To(Not(Equal("82"))) 119 Expect(inspectOut[0].NetworkSettings.Ports["82/tcp"][0]).To(HaveField("HostIP", "")) 120 Expect(inspectOut[0].NetworkSettings.Ports["8090/tcp"]).To(HaveLen(1)) 121 Expect(inspectOut[0].NetworkSettings.Ports["8090/tcp"][0]).To(HaveField("HostPort", "8090")) 122 Expect(inspectOut[0].NetworkSettings.Ports["8090/tcp"][0]).To(HaveField("HostIP", "")) 123 }) 124 125 It("podman run -p 80-81 -p 8180-8181", func() { 126 name := "testctr" 127 session := podmanTest.Podman([]string{"create", "-t", "-p", "80-81", "-p", "8180-8181", "--name", name, ALPINE, "/bin/sh"}) 128 session.WaitWithDefaultTimeout() 129 inspectOut := podmanTest.InspectContainer(name) 130 Expect(inspectOut).To(HaveLen(1)) 131 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(4)) 132 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1)) 133 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80"))) 134 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "")) 135 Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"]).To(HaveLen(1)) 136 Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"][0].HostPort).To(Not(Equal("81"))) 137 Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"][0]).To(HaveField("HostIP", "")) 138 Expect(inspectOut[0].NetworkSettings.Ports["8180/tcp"]).To(HaveLen(1)) 139 Expect(inspectOut[0].NetworkSettings.Ports["8180/tcp"][0].HostPort).To(Not(Equal("8180"))) 140 Expect(inspectOut[0].NetworkSettings.Ports["8180/tcp"][0]).To(HaveField("HostIP", "")) 141 Expect(inspectOut[0].NetworkSettings.Ports["8181/tcp"]).To(HaveLen(1)) 142 Expect(inspectOut[0].NetworkSettings.Ports["8181/tcp"][0].HostPort).To(Not(Equal("8181"))) 143 Expect(inspectOut[0].NetworkSettings.Ports["8181/tcp"][0]).To(HaveField("HostIP", "")) 144 }) 145 146 It("podman run -p 80 -p 8280-8282:8280-8282", func() { 147 name := "testctr" 148 session := podmanTest.Podman([]string{"create", "-t", "-p", "80", "-p", "8280-8282:8280-8282", "--name", name, ALPINE, "/bin/sh"}) 149 session.WaitWithDefaultTimeout() 150 inspectOut := podmanTest.InspectContainer(name) 151 Expect(inspectOut).To(HaveLen(1)) 152 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(4)) 153 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1)) 154 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80"))) 155 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "")) 156 Expect(inspectOut[0].NetworkSettings.Ports["8280/tcp"]).To(HaveLen(1)) 157 Expect(inspectOut[0].NetworkSettings.Ports["8280/tcp"][0]).To(HaveField("HostPort", "8280")) 158 Expect(inspectOut[0].NetworkSettings.Ports["8280/tcp"][0]).To(HaveField("HostIP", "")) 159 Expect(inspectOut[0].NetworkSettings.Ports["8281/tcp"]).To(HaveLen(1)) 160 Expect(inspectOut[0].NetworkSettings.Ports["8281/tcp"][0]).To(HaveField("HostPort", "8281")) 161 Expect(inspectOut[0].NetworkSettings.Ports["8281/tcp"][0]).To(HaveField("HostIP", "")) 162 Expect(inspectOut[0].NetworkSettings.Ports["8282/tcp"]).To(HaveLen(1)) 163 Expect(inspectOut[0].NetworkSettings.Ports["8282/tcp"][0]).To(HaveField("HostPort", "8282")) 164 Expect(inspectOut[0].NetworkSettings.Ports["8282/tcp"][0]).To(HaveField("HostIP", "")) 165 }) 166 167 It("podman run -p 8380:80", func() { 168 name := "testctr" 169 session := podmanTest.Podman([]string{"create", "-t", "-p", "8380:80", "--name", name, ALPINE, "/bin/sh"}) 170 session.WaitWithDefaultTimeout() 171 inspectOut := podmanTest.InspectContainer(name) 172 Expect(inspectOut).To(HaveLen(1)) 173 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 174 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1)) 175 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostPort", "8380")) 176 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "")) 177 }) 178 179 It("podman run -p 8480:80/TCP", func() { 180 name := "testctr" 181 // "TCP" in upper characters 182 session := podmanTest.Podman([]string{"create", "-t", "-p", "8480:80/TCP", "--name", name, ALPINE, "/bin/sh"}) 183 session.WaitWithDefaultTimeout() 184 inspectOut := podmanTest.InspectContainer(name) 185 Expect(inspectOut).To(HaveLen(1)) 186 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 187 // "tcp" in lower characters 188 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1)) 189 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostPort", "8480")) 190 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "")) 191 }) 192 193 It("podman run -p 80/udp", func() { 194 name := "testctr" 195 session := podmanTest.Podman([]string{"create", "-t", "-p", "80/udp", "--name", name, ALPINE, "/bin/sh"}) 196 session.WaitWithDefaultTimeout() 197 inspectOut := podmanTest.InspectContainer(name) 198 Expect(inspectOut).To(HaveLen(1)) 199 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 200 Expect(inspectOut[0].NetworkSettings.Ports["80/udp"]).To(HaveLen(1)) 201 Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0].HostPort).To(Not(Equal("80"))) 202 Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0]).To(HaveField("HostIP", "")) 203 }) 204 205 It("podman run -p 127.0.0.1:8580:80", func() { 206 name := "testctr" 207 session := podmanTest.Podman([]string{"create", "-t", "-p", "127.0.0.1:8580:80", "--name", name, ALPINE, "/bin/sh"}) 208 session.WaitWithDefaultTimeout() 209 inspectOut := podmanTest.InspectContainer(name) 210 Expect(inspectOut).To(HaveLen(1)) 211 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 212 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1)) 213 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostPort", "8580")) 214 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "127.0.0.1")) 215 }) 216 217 It("podman run -p 127.0.0.1:8680:80/udp", func() { 218 name := "testctr" 219 session := podmanTest.Podman([]string{"create", "-t", "-p", "127.0.0.1:8680:80/udp", "--name", name, ALPINE, "/bin/sh"}) 220 session.WaitWithDefaultTimeout() 221 inspectOut := podmanTest.InspectContainer(name) 222 Expect(inspectOut).To(HaveLen(1)) 223 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 224 Expect(inspectOut[0].NetworkSettings.Ports["80/udp"]).To(HaveLen(1)) 225 Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0]).To(HaveField("HostPort", "8680")) 226 Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0]).To(HaveField("HostIP", "127.0.0.1")) 227 }) 228 229 It("podman run -p [::1]:8780:80/udp", func() { 230 name := "testctr" 231 session := podmanTest.Podman([]string{"create", "-t", "-p", "[::1]:8780:80/udp", "--name", name, ALPINE, "/bin/sh"}) 232 session.WaitWithDefaultTimeout() 233 inspectOut := podmanTest.InspectContainer(name) 234 Expect(inspectOut).To(HaveLen(1)) 235 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 236 Expect(inspectOut[0].NetworkSettings.Ports["80/udp"]).To(HaveLen(1)) 237 Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0]).To(HaveField("HostPort", "8780")) 238 Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0]).To(HaveField("HostIP", "::1")) 239 }) 240 241 It("podman run -p [::1]:8880:80/tcp", func() { 242 name := "testctr" 243 session := podmanTest.Podman([]string{"create", "-t", "-p", "[::1]:8880:80/tcp", "--name", name, ALPINE, "/bin/sh"}) 244 session.WaitWithDefaultTimeout() 245 inspectOut := podmanTest.InspectContainer(name) 246 Expect(inspectOut).To(HaveLen(1)) 247 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 248 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1)) 249 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostPort", "8880")) 250 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "::1")) 251 }) 252 253 It("podman run --expose 80 -P", func() { 254 name := "testctr" 255 session := podmanTest.Podman([]string{"create", "-t", "--expose", "80", "-P", "--name", name, ALPINE, "/bin/sh"}) 256 session.WaitWithDefaultTimeout() 257 inspectOut := podmanTest.InspectContainer(name) 258 Expect(inspectOut).To(HaveLen(1)) 259 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 260 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1)) 261 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("0"))) 262 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "")) 263 }) 264 265 It("podman run --expose 80/udp -P", func() { 266 name := "testctr" 267 session := podmanTest.Podman([]string{"create", "-t", "--expose", "80/udp", "-P", "--name", name, ALPINE, "/bin/sh"}) 268 session.WaitWithDefaultTimeout() 269 inspectOut := podmanTest.InspectContainer(name) 270 Expect(inspectOut).To(HaveLen(1)) 271 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 272 Expect(inspectOut[0].NetworkSettings.Ports["80/udp"]).To(HaveLen(1)) 273 Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0].HostPort).To(Not(Equal("0"))) 274 Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0]).To(HaveField("HostIP", "")) 275 }) 276 277 It("podman run --expose 80 -p 80", func() { 278 name := "testctr" 279 session := podmanTest.Podman([]string{"create", "-t", "--expose", "80", "-p", "80", "--name", name, ALPINE, "/bin/sh"}) 280 session.WaitWithDefaultTimeout() 281 inspectOut := podmanTest.InspectContainer(name) 282 Expect(inspectOut).To(HaveLen(1)) 283 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 284 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1)) 285 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80"))) 286 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "")) 287 }) 288 289 It("podman run --publish-all with EXPOSE port ranges in Dockerfile", func() { 290 // Test port ranges, range with protocol and with an overlapping port 291 podmanTest.AddImageToRWStore(ALPINE) 292 dockerfile := fmt.Sprintf(`FROM %s 293 EXPOSE 2002 294 EXPOSE 2001-2003 295 EXPOSE 2004-2005/tcp`, ALPINE) 296 imageName := "testimg" 297 podmanTest.BuildImage(dockerfile, imageName, "false") 298 299 // Verify that the buildah is just passing through the EXPOSE keys 300 inspect := podmanTest.Podman([]string{"inspect", imageName}) 301 inspect.WaitWithDefaultTimeout() 302 image := inspect.InspectImageJSON() 303 Expect(image).To(HaveLen(1)) 304 Expect(image[0].Config.ExposedPorts).To(HaveLen(3)) 305 Expect(image[0].Config.ExposedPorts).To(HaveKey("2002/tcp")) 306 Expect(image[0].Config.ExposedPorts).To(HaveKey("2001-2003/tcp")) 307 Expect(image[0].Config.ExposedPorts).To(HaveKey("2004-2005/tcp")) 308 309 containerName := "testcontainer" 310 session := podmanTest.Podman([]string{"create", "--name", containerName, imageName, "true"}) 311 session.WaitWithDefaultTimeout() 312 inspectOut := podmanTest.InspectContainer(containerName) 313 Expect(inspectOut).To(HaveLen(1)) 314 315 // Inspect the network settings with available ports to be mapped to the host 316 // Don't need to verity HostConfig.PortBindings since we used --publish-all 317 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(5)) 318 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("2001/tcp")) 319 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("2002/tcp")) 320 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("2003/tcp")) 321 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("2004/tcp")) 322 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("2005/tcp")) 323 }) 324 325 It("podman run -p 127.0.0.1::8980/udp", func() { 326 name := "testctr" 327 session := podmanTest.Podman([]string{"create", "-t", "-p", "127.0.0.1::8980/udp", "--name", name, ALPINE, "/bin/sh"}) 328 session.WaitWithDefaultTimeout() 329 inspectOut := podmanTest.InspectContainer(name) 330 Expect(inspectOut).To(HaveLen(1)) 331 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 332 Expect(inspectOut[0].NetworkSettings.Ports["8980/udp"]).To(HaveLen(1)) 333 Expect(inspectOut[0].NetworkSettings.Ports["8980/udp"][0].HostPort).To(Not(Equal("8980"))) 334 Expect(inspectOut[0].NetworkSettings.Ports["8980/udp"][0]).To(HaveField("HostIP", "127.0.0.1")) 335 }) 336 337 It("podman run -p :8181", func() { 338 name := "testctr" 339 session := podmanTest.Podman([]string{"create", "-t", "-p", ":8181", "--name", name, ALPINE, "/bin/sh"}) 340 session.WaitWithDefaultTimeout() 341 inspectOut := podmanTest.InspectContainer(name) 342 Expect(inspectOut).To(HaveLen(1)) 343 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 344 Expect(inspectOut[0].NetworkSettings.Ports["8181/tcp"]).To(HaveLen(1)) 345 Expect(inspectOut[0].NetworkSettings.Ports["8181/tcp"][0].HostPort).To(Not(Equal("8181"))) 346 Expect(inspectOut[0].NetworkSettings.Ports["8181/tcp"][0]).To(HaveField("HostIP", "")) 347 }) 348 349 It("podman run -p xxx:8080 -p yyy:8080", func() { 350 name := "testctr" 351 session := podmanTest.Podman([]string{"create", "-t", "-p", "4444:8080", "-p", "5555:8080", "--name", name, ALPINE, "/bin/sh"}) 352 session.WaitWithDefaultTimeout() 353 inspectOut := podmanTest.InspectContainer(name) 354 Expect(inspectOut).To(HaveLen(1)) 355 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 356 Expect(inspectOut[0].NetworkSettings.Ports["8080/tcp"]).To(HaveLen(2)) 357 358 hp1 := inspectOut[0].NetworkSettings.Ports["8080/tcp"][0].HostPort 359 hp2 := inspectOut[0].NetworkSettings.Ports["8080/tcp"][1].HostPort 360 361 // We can't guarantee order 362 Expect((hp1 == "4444" && hp2 == "5555") || (hp1 == "5555" && hp2 == "4444")).To(BeTrue()) 363 }) 364 365 It("podman run -p 0.0.0.0:9280:80", func() { 366 name := "testctr" 367 session := podmanTest.Podman([]string{"create", "-t", "-p", "0.0.0.0:9280:80", "--name", name, ALPINE, "/bin/sh"}) 368 session.WaitWithDefaultTimeout() 369 inspectOut := podmanTest.InspectContainer(name) 370 Expect(inspectOut).To(HaveLen(1)) 371 Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1)) 372 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1)) 373 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostPort", "9280")) 374 Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "")) 375 }) 376 377 It("podman run network expose host port 80 to container port", func() { 378 SkipIfRootless("iptables is not supported for rootless users") 379 port1 := GetPort() 380 port2 := GetPort() 381 session := podmanTest.Podman([]string{"run", "-dt", "-p", fmt.Sprintf("%d:%d", port1, port2), ALPINE, "/bin/sh"}) 382 session.WaitWithDefaultTimeout() 383 Expect(session).Should(Exit(0)) 384 results := SystemExec("iptables", []string{"-t", "nat", "-nvL"}) 385 Expect(results).Should(Exit(0)) 386 Expect(results.OutputToString()).To(ContainSubstring(fmt.Sprintf("%d", port2))) 387 388 ncBusy := SystemExec("nc", []string{"-l", "-p", fmt.Sprintf("%d", port1)}) 389 Expect(ncBusy).To(ExitWithError()) 390 }) 391 392 It("podman run network expose host port 18081 to container port 8000 using rootlesskit port handler", func() { 393 port1 := GetPort() 394 port2 := GetPort() 395 session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=rootlesskit", "-dt", "-p", fmt.Sprintf("%d:%d", port2, port1), ALPINE, "/bin/sh"}) 396 session.WaitWithDefaultTimeout() 397 Expect(session).Should(Exit(0)) 398 399 ncBusy := SystemExec("nc", []string{"-l", "-p", fmt.Sprintf("%d", port2)}) 400 Expect(ncBusy).To(ExitWithError()) 401 }) 402 403 It("podman run slirp4netns verify net.ipv6.conf.default.accept_dad=0", func() { 404 session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:enable_ipv6=true", ALPINE, "ip", "addr"}) 405 session.WaitWithDefaultTimeout() 406 Expect(session).Should(Exit(0)) 407 // check the ipv6 setup id done without delay (https://github.com/containers/podman/issues/11062) 408 Expect(session.OutputToString()).To(ContainSubstring("inet6 fd00::")) 409 410 const ipv6ConfDefaultAcceptDadSysctl = "/proc/sys/net/ipv6/conf/all/accept_dad" 411 412 cat := SystemExec("cat", []string{ipv6ConfDefaultAcceptDadSysctl}) 413 cat.WaitWithDefaultTimeout() 414 Expect(cat).Should(Exit(0)) 415 sysctlValue := cat.OutputToString() 416 417 session = podmanTest.Podman([]string{"run", "--network", "slirp4netns:enable_ipv6=true", ALPINE, "cat", ipv6ConfDefaultAcceptDadSysctl}) 418 session.WaitWithDefaultTimeout() 419 Expect(session).Should(Exit(0)) 420 Expect(session.OutputToString()).To(Equal(sysctlValue)) 421 }) 422 423 It("podman run network expose host port 18082 to container port 8000 using slirp4netns port handler", func() { 424 session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=slirp4netns", "-dt", "-p", "18082:8000", ALPINE, "/bin/sh"}) 425 session.Wait(30) 426 Expect(session).Should(Exit(0)) 427 ncBusy := SystemExec("nc", []string{"-l", "-p", "18082"}) 428 Expect(ncBusy).To(ExitWithError()) 429 }) 430 431 It("podman run network expose host port 8080 to container port 8000 using invalid port handler", func() { 432 session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=invalid", "-dt", "-p", "8080:8000", ALPINE, "/bin/sh"}) 433 session.Wait(30) 434 Expect(session).To(ExitWithError()) 435 }) 436 437 It("podman run slirp4netns network with host loopback", func() { 438 session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:allow_host_loopback=true", ALPINE, "ping", "-c1", "10.0.2.2"}) 439 session.Wait(30) 440 Expect(session).Should(Exit(0)) 441 }) 442 443 It("podman run slirp4netns network with mtu", func() { 444 session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:mtu=9000", ALPINE, "ip", "addr"}) 445 session.Wait(30) 446 Expect(session).Should(Exit(0)) 447 Expect(session.OutputToString()).To(ContainSubstring("mtu 9000")) 448 }) 449 450 It("podman run slirp4netns network with different cidr", func() { 451 slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"}) 452 Expect(slirp4netnsHelp).Should(Exit(0)) 453 454 networkConfiguration := "slirp4netns:cidr=192.168.0.0/24,allow_host_loopback=true" 455 session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, ALPINE, "ping", "-c1", "192.168.0.2"}) 456 session.Wait(30) 457 458 if strings.Contains(slirp4netnsHelp.OutputToString(), "cidr") { 459 Expect(session).Should(Exit(0)) 460 } else { 461 Expect(session).To(ExitWithError()) 462 Expect(session.ErrorToString()).To(ContainSubstring("cidr not supported")) 463 } 464 }) 465 466 It("podman run network bind to 127.0.0.1", func() { 467 slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"}) 468 Expect(slirp4netnsHelp).Should(Exit(0)) 469 networkConfiguration := "slirp4netns:outbound_addr=127.0.0.1,allow_host_loopback=true" 470 port := GetPort() 471 472 if strings.Contains(slirp4netnsHelp.OutputToString(), "outbound-addr") { 473 ncListener := StartSystemExec("nc", []string{"-v", "-n", "-l", "-p", fmt.Sprintf("%d", port)}) 474 session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, "-dt", ALPINE, "nc", "-w", "2", "10.0.2.2", fmt.Sprintf("%d", port)}) 475 session.WaitWithDefaultTimeout() 476 ncListener.WaitWithDefaultTimeout() 477 478 Expect(session).Should(Exit(0)) 479 Expect(ncListener).Should(Exit(0)) 480 Expect(ncListener.ErrorToString()).To(ContainSubstring("127.0.0.1")) 481 } else { 482 session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, "-dt", ALPINE, "nc", "-w", "2", "10.0.2.2", fmt.Sprintf("%d", port)}) 483 session.WaitWithDefaultTimeout() 484 Expect(session).To(ExitWithError()) 485 Expect(session.ErrorToString()).To(ContainSubstring("outbound_addr not supported")) 486 } 487 }) 488 489 It("podman run network bind to HostIP", func() { 490 ip, err := utils.HostIP() 491 Expect(err).To(BeNil()) 492 port := GetPort() 493 494 slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"}) 495 Expect(slirp4netnsHelp).Should(Exit(0)) 496 networkConfiguration := fmt.Sprintf("slirp4netns:outbound_addr=%s,allow_host_loopback=true", ip.String()) 497 498 if strings.Contains(slirp4netnsHelp.OutputToString(), "outbound-addr") { 499 ncListener := StartSystemExec("nc", []string{"-v", "-n", "-l", "-p", fmt.Sprintf("%d", port)}) 500 session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, "-dt", ALPINE, "nc", "-w", "2", "10.0.2.2", fmt.Sprintf("%d", port)}) 501 session.Wait(30) 502 ncListener.Wait(30) 503 504 Expect(session).Should(Exit(0)) 505 Expect(ncListener).Should(Exit(0)) 506 Expect(ncListener.ErrorToString()).To(ContainSubstring(ip.String())) 507 } else { 508 session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, "-dt", ALPINE, "nc", "-w", "2", "10.0.2.2", fmt.Sprintf("%d", port)}) 509 session.Wait(30) 510 Expect(session).To(ExitWithError()) 511 Expect(session.ErrorToString()).To(ContainSubstring("outbound_addr not supported")) 512 } 513 }) 514 515 It("podman run network expose ports in image metadata", func() { 516 session := podmanTest.Podman([]string{"create", "--name", "test", "-t", "-P", nginx}) 517 session.WaitWithDefaultTimeout() 518 Expect(session).Should(Exit(0)) 519 results := podmanTest.Podman([]string{"inspect", "test"}) 520 results.WaitWithDefaultTimeout() 521 Expect(results).Should(Exit(0)) 522 Expect(results.OutputToString()).To(ContainSubstring(`"80/tcp":`)) 523 }) 524 525 It("podman run network expose duplicate host port results in error", func() { 526 port := "8190" // Make sure this isn't used anywhere else 527 528 session := podmanTest.Podman([]string{"run", "--name", "test", "-dt", "-p", port, ALPINE, "/bin/sh"}) 529 session.WaitWithDefaultTimeout() 530 Expect(session).Should(Exit(0)) 531 532 inspect := podmanTest.Podman([]string{"inspect", "test"}) 533 inspect.WaitWithDefaultTimeout() 534 Expect(inspect).Should(Exit(0)) 535 536 containerConfig := inspect.InspectContainerToJSON() 537 Expect(containerConfig[0].NetworkSettings.Ports).To(Not(BeNil())) 538 Expect(containerConfig[0].NetworkSettings.Ports).To(HaveKeyWithValue(port+"/tcp", Not(BeNil()))) 539 Expect(containerConfig[0].NetworkSettings.Ports[port+"/tcp"][0].HostPort).ToNot(Equal(port)) 540 }) 541 542 It("podman run forward sctp protocol", func() { 543 SkipIfRootless("sctp protocol only works as root") 544 session := podmanTest.Podman([]string{"--log-level=info", "run", "--name=test", "-p", "80/sctp", "-p", "81/sctp", ALPINE}) 545 session.WaitWithDefaultTimeout() 546 Expect(session).Should(Exit(0)) 547 // we can only check logrus on local podman 548 if !IsRemote() { 549 // check that the info message for sctp protocol is only displayed once 550 Expect(strings.Count(session.ErrorToString(), "Port reservation for SCTP is not supported")).To(Equal(1), "`Port reservation for SCTP is not supported` is not displayed exactly one time in the logrus logs") 551 } 552 results := podmanTest.Podman([]string{"inspect", "test"}) 553 results.WaitWithDefaultTimeout() 554 Expect(results).Should(Exit(0)) 555 Expect(results.OutputToString()).To(ContainSubstring(`"80/sctp":`)) 556 Expect(results.OutputToString()).To(ContainSubstring(`"81/sctp":`)) 557 }) 558 559 It("podman run hostname test", func() { 560 session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "printenv", "HOSTNAME"}) 561 session.WaitWithDefaultTimeout() 562 Expect(session).Should(Exit(0)) 563 Expect(session.OutputToString()).To(Not(ContainSubstring(hostname))) 564 }) 565 566 It("podman run --net host hostname test", func() { 567 session := podmanTest.Podman([]string{"run", "--rm", "--net", "host", ALPINE, "printenv", "HOSTNAME"}) 568 session.WaitWithDefaultTimeout() 569 Expect(session).Should(Exit(0)) 570 Expect(session.OutputToString()).To(ContainSubstring(hostname)) 571 }) 572 It("podman run --net host --uts host hostname test", func() { 573 session := podmanTest.Podman([]string{"run", "--rm", "--net", "host", "--uts", "host", ALPINE, "printenv", "HOSTNAME"}) 574 session.WaitWithDefaultTimeout() 575 Expect(session).Should(Exit(0)) 576 Expect(session.OutputToString()).To(ContainSubstring(hostname)) 577 }) 578 It("podman run --uts host hostname test", func() { 579 session := podmanTest.Podman([]string{"run", "--rm", "--uts", "host", ALPINE, "printenv", "HOSTNAME"}) 580 session.WaitWithDefaultTimeout() 581 Expect(session).Should(Exit(0)) 582 Expect(session.OutputToString()).To(ContainSubstring(hostname)) 583 }) 584 585 It("podman run --net host --hostname ... hostname test", func() { 586 session := podmanTest.Podman([]string{"run", "--rm", "--net", "host", "--hostname", "foobar", ALPINE, "printenv", "HOSTNAME"}) 587 session.WaitWithDefaultTimeout() 588 Expect(session).Should(Exit(0)) 589 Expect(session.OutputToString()).To(ContainSubstring("foobar")) 590 }) 591 592 It("podman run --hostname ... hostname test", func() { 593 session := podmanTest.Podman([]string{"run", "--rm", "--hostname", "foobar", ALPINE, "printenv", "HOSTNAME"}) 594 session.WaitWithDefaultTimeout() 595 Expect(session).Should(Exit(0)) 596 Expect(session.OutputToString()).To(ContainSubstring("foobar")) 597 }) 598 599 It("podman run --net container: and --uts container:", func() { 600 ctrName := "ctrToJoin" 601 ctr1 := podmanTest.RunTopContainer(ctrName) 602 ctr1.WaitWithDefaultTimeout() 603 Expect(ctr1).Should(Exit(0)) 604 605 ctr2 := podmanTest.Podman([]string{"run", "-d", "--net=container:" + ctrName, "--uts=container:" + ctrName, ALPINE, "true"}) 606 ctr2.WaitWithDefaultTimeout() 607 Expect(ctr2).Should(Exit(0)) 608 }) 609 610 It("podman run --net container: and --add-host should fail", func() { 611 ctrName := "ctrToJoin" 612 ctr1 := podmanTest.RunTopContainer(ctrName) 613 ctr1.WaitWithDefaultTimeout() 614 Expect(ctr1).Should(Exit(0)) 615 616 ctr2 := podmanTest.Podman([]string{"run", "-d", "--net=container:" + ctrName, "--add-host", "host1:127.0.0.1", ALPINE, "true"}) 617 ctr2.WaitWithDefaultTimeout() 618 Expect(ctr2).Should(ExitWithError()) 619 Expect(ctr2.ErrorToString()).Should(ContainSubstring("cannot set extra host entries when the container is joined to another containers network namespace: invalid configuration")) 620 }) 621 622 It("podman run --net container: copies hosts and resolv", func() { 623 ctrName := "ctr1" 624 ctr1 := podmanTest.RunTopContainer(ctrName) 625 ctr1.WaitWithDefaultTimeout() 626 Expect(ctr1).Should(Exit(0)) 627 628 // Exec in and modify /etc/resolv.conf and /etc/hosts 629 exec1 := podmanTest.Podman([]string{"exec", ctrName, "sh", "-c", "echo nameserver 192.0.2.1 > /etc/resolv.conf"}) 630 exec1.WaitWithDefaultTimeout() 631 Expect(exec1).Should(Exit(0)) 632 633 exec2 := podmanTest.Podman([]string{"exec", ctrName, "sh", "-c", "echo 192.0.2.2 test1 > /etc/hosts"}) 634 exec2.WaitWithDefaultTimeout() 635 Expect(exec2).Should(Exit(0)) 636 637 ctrName2 := "ctr2" 638 ctr2 := podmanTest.Podman([]string{"run", "-d", "--net=container:" + ctrName, "--name", ctrName2, ALPINE, "top"}) 639 ctr2.WaitWithDefaultTimeout() 640 Expect(ctr2).Should(Exit(0)) 641 642 exec3 := podmanTest.Podman([]string{"exec", "-i", ctrName2, "cat", "/etc/resolv.conf"}) 643 exec3.WaitWithDefaultTimeout() 644 Expect(exec3).Should(Exit(0)) 645 Expect(exec3.OutputToString()).To(ContainSubstring("nameserver 192.0.2.1")) 646 647 exec4 := podmanTest.Podman([]string{"exec", "-i", ctrName2, "cat", "/etc/hosts"}) 648 exec4.WaitWithDefaultTimeout() 649 Expect(exec4).Should(Exit(0)) 650 Expect(exec4.OutputToString()).To(ContainSubstring("192.0.2.2 test1")) 651 }) 652 653 It("podman run /etc/hosts contains --hostname", func() { 654 session := podmanTest.Podman([]string{"run", "--rm", "--hostname", "foohostname", ALPINE, "grep", "foohostname", "/etc/hosts"}) 655 session.WaitWithDefaultTimeout() 656 Expect(session).Should(Exit(0)) 657 }) 658 659 It("podman run --uidmap /etc/hosts contains --hostname", func() { 660 SkipIfRootless("uidmap population of cninetworks not supported for rootless users") 661 session := podmanTest.Podman([]string{"run", "--uidmap", "0:100000:1000", "--rm", "--hostname", "foohostname", ALPINE, "grep", "foohostname", "/etc/hosts"}) 662 session.WaitWithDefaultTimeout() 663 Expect(session).Should(Exit(0)) 664 665 session = podmanTest.Podman([]string{"run", "--uidmap", "0:100000:1000", "--rm", "--hostname", "foohostname", "-v", "/etc/hosts:/etc/hosts", ALPINE, "grep", "foohostname", "/etc/hosts"}) 666 session.WaitWithDefaultTimeout() 667 Expect(session).Should(Exit(1)) 668 }) 669 670 It("podman run network in user created network namespace", func() { 671 SkipIfRootless("ip netns is not supported for rootless users") 672 if Containerized() { 673 Skip("Cannot be run within a container.") 674 } 675 addXXX := SystemExec("ip", []string{"netns", "add", "xxx"}) 676 Expect(addXXX).Should(Exit(0)) 677 defer func() { 678 delXXX := SystemExec("ip", []string{"netns", "delete", "xxx"}) 679 Expect(delXXX).Should(Exit(0)) 680 }() 681 682 session := podmanTest.Podman([]string{"run", "-dt", "--net", "ns:/run/netns/xxx", ALPINE, "wget", "www.podman.io"}) 683 session.Wait(90) 684 Expect(session).Should(Exit(0)) 685 }) 686 687 It("podman run n user created network namespace with resolv.conf", func() { 688 SkipIfRootless("ip netns is not supported for rootless users") 689 if Containerized() { 690 Skip("Cannot be run within a container.") 691 } 692 addXXX2 := SystemExec("ip", []string{"netns", "add", "xxx2"}) 693 Expect(addXXX2).Should(Exit(0)) 694 defer func() { 695 delXXX2 := SystemExec("ip", []string{"netns", "delete", "xxx2"}) 696 Expect(delXXX2).Should(Exit(0)) 697 }() 698 699 mdXXX2 := SystemExec("mkdir", []string{"-p", "/etc/netns/xxx2"}) 700 Expect(mdXXX2).Should(Exit(0)) 701 defer os.RemoveAll("/etc/netns/xxx2") 702 703 nsXXX2 := SystemExec("bash", []string{"-c", "echo nameserver 11.11.11.11 > /etc/netns/xxx2/resolv.conf"}) 704 Expect(nsXXX2).Should(Exit(0)) 705 706 session := podmanTest.Podman([]string{"run", "--net", "ns:/run/netns/xxx2", ALPINE, "cat", "/etc/resolv.conf"}) 707 session.Wait(90) 708 Expect(session).Should(Exit(0)) 709 Expect(session.OutputToString()).To(ContainSubstring("11.11.11.11")) 710 }) 711 712 addAddr := func(cidr string, containerInterface netlink.Link) error { 713 _, ipnet, err := net.ParseCIDR(cidr) 714 Expect(err).To(BeNil()) 715 addr := &netlink.Addr{IPNet: ipnet, Label: ""} 716 if err := netlink.AddrAdd(containerInterface, addr); err != nil && err != syscall.EEXIST { 717 return err 718 } 719 return nil 720 } 721 722 loopbackup := func() { 723 lo, err := netlink.LinkByName("lo") 724 Expect(err).To(BeNil()) 725 err = netlink.LinkSetUp(lo) 726 Expect(err).To(BeNil()) 727 } 728 729 linkup := func(name string, mac string, addresses []string) { 730 linkAttr := netlink.NewLinkAttrs() 731 linkAttr.Name = name 732 m, err := net.ParseMAC(mac) 733 Expect(err).To(BeNil()) 734 linkAttr.HardwareAddr = m 735 eth := &netlink.Dummy{LinkAttrs: linkAttr} 736 err = netlink.LinkAdd(eth) 737 Expect(err).To(BeNil()) 738 err = netlink.LinkSetUp(eth) 739 Expect(err).To(BeNil()) 740 for _, address := range addresses { 741 err := addAddr(address, eth) 742 Expect(err).To(BeNil()) 743 } 744 } 745 746 routeAdd := func(gateway string) { 747 gw := net.ParseIP(gateway) 748 route := &netlink.Route{Dst: nil, Gw: gw} 749 err = netlink.RouteAdd(route) 750 Expect(err).ToNot(HaveOccurred()) 751 } 752 753 setupNetworkNs := func(networkNSName string) { 754 _ = ns.WithNetNSPath("/run/netns/"+networkNSName, func(_ ns.NetNS) error { 755 loopbackup() 756 linkup("eth0", "46:7f:45:6e:4f:c8", []string{"10.25.40.0/24", "fd04:3e42:4a4e:3381::/64"}) 757 linkup("eth1", "56:6e:35:5d:3e:a8", []string{"10.88.0.0/16"}) 758 759 routeAdd("10.25.40.0") 760 return nil 761 }) 762 } 763 764 checkNetworkNsInspect := func(name string) { 765 inspectOut := podmanTest.InspectContainer(name) 766 Expect(inspectOut[0].NetworkSettings).To(HaveField("IPAddress", "10.25.40.0")) 767 Expect(inspectOut[0].NetworkSettings).To(HaveField("IPPrefixLen", 24)) 768 Expect(len(inspectOut[0].NetworkSettings.SecondaryIPAddresses)).To(Equal(1)) 769 Expect(inspectOut[0].NetworkSettings.SecondaryIPAddresses[0]).To(HaveField("Addr", "10.88.0.0")) 770 Expect(inspectOut[0].NetworkSettings.SecondaryIPAddresses[0]).To(HaveField("PrefixLength", 16)) 771 Expect(inspectOut[0].NetworkSettings).To(HaveField("GlobalIPv6Address", "fd04:3e42:4a4e:3381::")) 772 Expect(inspectOut[0].NetworkSettings).To(HaveField("GlobalIPv6PrefixLen", 64)) 773 Expect(len(inspectOut[0].NetworkSettings.SecondaryIPv6Addresses)).To(Equal(0)) 774 Expect(inspectOut[0].NetworkSettings).To(HaveField("MacAddress", "46:7f:45:6e:4f:c8")) 775 Expect(len(inspectOut[0].NetworkSettings.AdditionalMacAddresses)).To(Equal(1)) 776 Expect(inspectOut[0].NetworkSettings.AdditionalMacAddresses[0]).To(Equal("56:6e:35:5d:3e:a8")) 777 Expect(inspectOut[0].NetworkSettings).To(HaveField("Gateway", "10.25.40.0")) 778 779 } 780 781 It("podman run network inspect fails gracefully on non-reachable network ns", func() { 782 SkipIfRootless("ip netns is not supported for rootless users") 783 784 networkNSName := RandomString(12) 785 addNamedNetwork := SystemExec("ip", []string{"netns", "add", networkNSName}) 786 Expect(addNamedNetwork).Should(Exit(0)) 787 788 setupNetworkNs(networkNSName) 789 790 name := RandomString(12) 791 session := podmanTest.Podman([]string{"run", "-d", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE, "top"}) 792 session.WaitWithDefaultTimeout() 793 794 // delete the named network ns before inspect 795 delNetworkNamespace := SystemExec("ip", []string{"netns", "delete", networkNSName}) 796 Expect(delNetworkNamespace).Should(Exit(0)) 797 798 inspectOut := podmanTest.InspectContainer(name) 799 Expect(inspectOut[0].NetworkSettings).To(HaveField("IPAddress", "")) 800 Expect(len(inspectOut[0].NetworkSettings.Networks)).To(Equal(0)) 801 }) 802 803 It("podman inspect can handle joined network ns with multiple interfaces", func() { 804 SkipIfRootless("ip netns is not supported for rootless users") 805 806 networkNSName := RandomString(12) 807 addNamedNetwork := SystemExec("ip", []string{"netns", "add", networkNSName}) 808 Expect(addNamedNetwork).Should(Exit(0)) 809 defer func() { 810 delNetworkNamespace := SystemExec("ip", []string{"netns", "delete", networkNSName}) 811 Expect(delNetworkNamespace).Should(Exit(0)) 812 }() 813 setupNetworkNs(networkNSName) 814 815 name := RandomString(12) 816 session := podmanTest.Podman([]string{"run", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE}) 817 session.WaitWithDefaultTimeout() 818 819 session = podmanTest.Podman([]string{"container", "rm", name}) 820 session.WaitWithDefaultTimeout() 821 822 // no network teardown should touch joined network ns interfaces 823 session = podmanTest.Podman([]string{"run", "-d", "--replace", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE, "top"}) 824 session.WaitWithDefaultTimeout() 825 826 checkNetworkNsInspect(name) 827 }) 828 829 It("podman do not tamper with joined network ns interfaces", func() { 830 SkipIfRootless("ip netns is not supported for rootless users") 831 832 networkNSName := RandomString(12) 833 addNamedNetwork := SystemExec("ip", []string{"netns", "add", networkNSName}) 834 Expect(addNamedNetwork).Should(Exit(0)) 835 defer func() { 836 delNetworkNamespace := SystemExec("ip", []string{"netns", "delete", networkNSName}) 837 Expect(delNetworkNamespace).Should(Exit(0)) 838 }() 839 840 setupNetworkNs(networkNSName) 841 842 name := RandomString(12) 843 session := podmanTest.Podman([]string{"run", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE}) 844 session.WaitWithDefaultTimeout() 845 846 checkNetworkNsInspect(name) 847 848 name = RandomString(12) 849 session = podmanTest.Podman([]string{"run", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE}) 850 session.WaitWithDefaultTimeout() 851 852 checkNetworkNsInspect(name) 853 854 // delete container, the network inspect should not change 855 session = podmanTest.Podman([]string{"container", "rm", name}) 856 session.WaitWithDefaultTimeout() 857 858 session = podmanTest.Podman([]string{"run", "-d", "--replace", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE, "top"}) 859 session.WaitWithDefaultTimeout() 860 861 checkNetworkNsInspect(name) 862 }) 863 864 It("podman run network in bogus user created network namespace", func() { 865 session := podmanTest.Podman([]string{"run", "-dt", "--net", "ns:/run/netns/xxy", ALPINE, "wget", "www.podman.io"}) 866 session.Wait(90) 867 Expect(session).To(ExitWithError()) 868 Expect(session.ErrorToString()).To(ContainSubstring("stat /run/netns/xxy: no such file or directory")) 869 }) 870 871 It("podman run in custom CNI network with --static-ip", func() { 872 netName := stringid.GenerateNonCryptoID() 873 ipAddr := "10.25.30.128" 874 create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName}) 875 create.WaitWithDefaultTimeout() 876 Expect(create).Should(Exit(0)) 877 defer podmanTest.removeNetwork(netName) 878 879 run := podmanTest.Podman([]string{"run", "-t", "-i", "--rm", "--net", netName, "--ip", ipAddr, ALPINE, "ip", "addr"}) 880 run.WaitWithDefaultTimeout() 881 Expect(run).Should(Exit(0)) 882 Expect(run.OutputToString()).To(ContainSubstring(ipAddr)) 883 }) 884 885 It("podman CNI network works across user ns", func() { 886 SkipIfNetavark(podmanTest) 887 netName := stringid.GenerateNonCryptoID() 888 create := podmanTest.Podman([]string{"network", "create", netName}) 889 create.WaitWithDefaultTimeout() 890 Expect(create).Should(Exit(0)) 891 defer podmanTest.removeNetwork(netName) 892 893 name := "nc-server" 894 run := podmanTest.Podman([]string{"run", "--log-driver", "k8s-file", "-d", "--name", name, "--net", netName, ALPINE, "nc", "-l", "-p", "9480"}) 895 run.WaitWithDefaultTimeout() 896 Expect(run).Should(Exit(0)) 897 898 // NOTE: we force the k8s-file log driver to make sure the 899 // tests are passing inside a container. 900 run = podmanTest.Podman([]string{"run", "--log-driver", "k8s-file", "--rm", "--net", netName, "--uidmap", "0:1:4096", ALPINE, "sh", "-c", fmt.Sprintf("echo podman | nc -w 1 %s.dns.podman 9480", name)}) 901 run.WaitWithDefaultTimeout() 902 Expect(run).Should(Exit(0)) 903 904 log := podmanTest.Podman([]string{"logs", name}) 905 log.WaitWithDefaultTimeout() 906 Expect(log).Should(Exit(0)) 907 Expect(log.OutputToString()).To(Equal("podman")) 908 }) 909 910 It("podman Netavark network works across user ns", func() { 911 SkipIfCNI(podmanTest) 912 netName := createNetworkName("") 913 create := podmanTest.Podman([]string{"network", "create", netName}) 914 create.WaitWithDefaultTimeout() 915 Expect(create).Should(Exit(0)) 916 defer podmanTest.removeNetwork(netName) 917 918 name := "nc-server" 919 run := podmanTest.Podman([]string{"run", "--log-driver", "k8s-file", "-d", "--name", name, "--net", netName, ALPINE, "nc", "-l", "-p", "9480"}) 920 run.WaitWithDefaultTimeout() 921 Expect(run).Should(Exit(0)) 922 923 // NOTE: we force the k8s-file log driver to make sure the 924 // tests are passing inside a container. 925 run = podmanTest.Podman([]string{"run", "--log-driver", "k8s-file", "--rm", "--net", netName, "--uidmap", "0:1:4096", ALPINE, "sh", "-c", fmt.Sprintf("echo podman | nc -w 1 %s.dns.podman 9480", name)}) 926 run.WaitWithDefaultTimeout() 927 Expect(run).Should(Exit(0)) 928 929 log := podmanTest.Podman([]string{"logs", name}) 930 log.WaitWithDefaultTimeout() 931 Expect(log).Should(Exit(0)) 932 Expect(log.OutputToString()).To(Equal("podman")) 933 }) 934 935 It("podman run with new:pod and static-ip", func() { 936 netName := stringid.GenerateNonCryptoID() 937 ipAddr := "10.25.40.128" 938 podname := "testpod" 939 create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.40.0/24", netName}) 940 create.WaitWithDefaultTimeout() 941 Expect(create).Should(Exit(0)) 942 defer podmanTest.removeNetwork(netName) 943 944 run := podmanTest.Podman([]string{"run", "-t", "-i", "--rm", "--pod", "new:" + podname, "--net", netName, "--ip", ipAddr, ALPINE, "ip", "addr"}) 945 run.WaitWithDefaultTimeout() 946 Expect(run).Should(Exit(0)) 947 Expect(run.OutputToString()).To(ContainSubstring(ipAddr)) 948 949 podrm := podmanTest.Podman([]string{"pod", "rm", "-t", "0", "-f", podname}) 950 podrm.WaitWithDefaultTimeout() 951 Expect(podrm).Should(Exit(0)) 952 }) 953 954 It("podman run with --net=host and --hostname sets correct hostname", func() { 955 hostname := "testctr" 956 run := podmanTest.Podman([]string{"run", "--net=host", "--hostname", hostname, ALPINE, "hostname"}) 957 run.WaitWithDefaultTimeout() 958 Expect(run).Should(Exit(0)) 959 Expect(run.OutputToString()).To(ContainSubstring(hostname)) 960 }) 961 962 It("podman run with --net=none sets hostname", func() { 963 hostname := "testctr" 964 run := podmanTest.Podman([]string{"run", "--net=none", "--hostname", hostname, ALPINE, "hostname"}) 965 run.WaitWithDefaultTimeout() 966 Expect(run).Should(Exit(0)) 967 Expect(run.OutputToString()).To(ContainSubstring(hostname)) 968 }) 969 970 It("podman run with --net=none adds hostname to /etc/hosts", func() { 971 hostname := "testctr" 972 run := podmanTest.Podman([]string{"run", "--net=none", "--hostname", hostname, ALPINE, "cat", "/etc/hosts"}) 973 run.WaitWithDefaultTimeout() 974 Expect(run).Should(Exit(0)) 975 Expect(run.OutputToString()).To(ContainSubstring(hostname)) 976 }) 977 978 It("podman run with pod does not add extra 127 entry to /etc/hosts", func() { 979 pod := "testpod" 980 hostname := "test-hostname" 981 run := podmanTest.Podman([]string{"pod", "create", "--hostname", hostname, "--name", pod}) 982 run.WaitWithDefaultTimeout() 983 Expect(run).Should(Exit(0)) 984 run = podmanTest.Podman([]string{"run", "--pod", pod, ALPINE, "cat", "/etc/hosts"}) 985 run.WaitWithDefaultTimeout() 986 Expect(run).Should(Exit(0)) 987 Expect(run.OutputToString()).ToNot(ContainSubstring("127.0.0.1 %s", hostname)) 988 }) 989 990 pingTest := func(netns string) { 991 hostname := "testctr" 992 run := podmanTest.Podman([]string{"run", netns, "--hostname", hostname, ALPINE, "ping", "-c", "1", hostname}) 993 run.WaitWithDefaultTimeout() 994 Expect(run).Should(Exit(0)) 995 996 run = podmanTest.Podman([]string{"run", netns, "--hostname", hostname, "--name", "test", ALPINE, "ping", "-c", "1", "test"}) 997 run.WaitWithDefaultTimeout() 998 Expect(run).Should(Exit(0)) 999 } 1000 1001 It("podman attempt to ping container name and hostname --net=none", func() { 1002 pingTest("--net=none") 1003 }) 1004 1005 It("podman attempt to ping container name and hostname --net=private", func() { 1006 pingTest("--net=private") 1007 }) 1008 1009 It("podman run check dnsname plugin with CNI", func() { 1010 SkipIfNetavark(podmanTest) 1011 pod := "testpod" 1012 session := podmanTest.Podman([]string{"pod", "create", "--name", pod}) 1013 session.WaitWithDefaultTimeout() 1014 Expect(session).Should(Exit(0)) 1015 1016 net := createNetworkName("IntTest") 1017 session = podmanTest.Podman([]string{"network", "create", net}) 1018 session.WaitWithDefaultTimeout() 1019 defer podmanTest.removeNetwork(net) 1020 Expect(session).Should(Exit(0)) 1021 1022 pod2 := "testpod2" 1023 session = podmanTest.Podman([]string{"pod", "create", "--network", net, "--name", pod2}) 1024 session.WaitWithDefaultTimeout() 1025 Expect(session).Should(Exit(0)) 1026 1027 session = podmanTest.Podman([]string{"run", "--name", "con1", "--network", net, ALPINE, "nslookup", "con1"}) 1028 session.WaitWithDefaultTimeout() 1029 Expect(session).Should(Exit(0)) 1030 1031 session = podmanTest.Podman([]string{"run", "--name", "con2", "--pod", pod, "--network", net, ALPINE, "nslookup", "con2"}) 1032 session.WaitWithDefaultTimeout() 1033 Expect(session).Should(Exit(0)) 1034 1035 session = podmanTest.Podman([]string{"run", "--name", "con3", "--pod", pod2, ALPINE, "nslookup", "con1"}) 1036 session.WaitWithDefaultTimeout() 1037 Expect(session).Should(Exit(1)) 1038 Expect(session.ErrorToString()).To(ContainSubstring("can't resolve 'con1'")) 1039 1040 session = podmanTest.Podman([]string{"run", "--name", "con4", "--network", net, ALPINE, "nslookup", pod2 + ".dns.podman"}) 1041 session.WaitWithDefaultTimeout() 1042 Expect(session).Should(Exit(0)) 1043 }) 1044 1045 It("podman run check dnsname plugin with Netavark", func() { 1046 SkipIfCNI(podmanTest) 1047 pod := "testpod" 1048 session := podmanTest.Podman([]string{"pod", "create", "--name", pod}) 1049 session.WaitWithDefaultTimeout() 1050 Expect(session).Should(Exit(0)) 1051 1052 net := createNetworkName("IntTest") 1053 session = podmanTest.Podman([]string{"network", "create", net}) 1054 session.WaitWithDefaultTimeout() 1055 defer podmanTest.removeNetwork(net) 1056 Expect(session).Should(Exit(0)) 1057 1058 pod2 := "testpod2" 1059 session = podmanTest.Podman([]string{"pod", "create", "--network", net, "--name", pod2}) 1060 session.WaitWithDefaultTimeout() 1061 Expect(session).Should(Exit(0)) 1062 1063 session = podmanTest.Podman([]string{"run", "--name", "con1", "--network", net, ALPINE, "nslookup", "con1"}) 1064 session.WaitWithDefaultTimeout() 1065 Expect(session).Should(Exit(0)) 1066 1067 session = podmanTest.Podman([]string{"run", "--name", "con2", "--pod", pod, "--network", net, ALPINE, "nslookup", "con2"}) 1068 session.WaitWithDefaultTimeout() 1069 Expect(session).Should(Exit(0)) 1070 1071 session = podmanTest.Podman([]string{"run", "--name", "con3", "--pod", pod2, ALPINE, "nslookup", "con1"}) 1072 session.WaitWithDefaultTimeout() 1073 Expect(session).Should(Exit(1)) 1074 Expect(session.ErrorToString()).To(ContainSubstring("can't resolve 'con1'")) 1075 1076 session = podmanTest.Podman([]string{"run", "--name", "con4", "--network", net, ALPINE, "nslookup", pod2 + ".dns.podman"}) 1077 session.WaitWithDefaultTimeout() 1078 Expect(session).Should(Exit(0)) 1079 }) 1080 1081 It("podman run check dnsname adds dns search domain with CNI", func() { 1082 SkipIfNetavark(podmanTest) 1083 net := createNetworkName("dnsname") 1084 session := podmanTest.Podman([]string{"network", "create", net}) 1085 session.WaitWithDefaultTimeout() 1086 defer podmanTest.removeNetwork(net) 1087 Expect(session).Should(Exit(0)) 1088 1089 session = podmanTest.Podman([]string{"run", "--network", net, ALPINE, "cat", "/etc/resolv.conf"}) 1090 session.WaitWithDefaultTimeout() 1091 Expect(session).Should(Exit(0)) 1092 Expect(session.OutputToString()).To(ContainSubstring("search dns.podman")) 1093 }) 1094 1095 It("podman run check dnsname adds dns search domain with Netavark", func() { 1096 SkipIfCNI(podmanTest) 1097 net := createNetworkName("dnsname") 1098 session := podmanTest.Podman([]string{"network", "create", net}) 1099 session.WaitWithDefaultTimeout() 1100 defer podmanTest.removeNetwork(net) 1101 Expect(session).Should(Exit(0)) 1102 1103 session = podmanTest.Podman([]string{"run", "--network", net, ALPINE, "cat", "/etc/resolv.conf"}) 1104 session.WaitWithDefaultTimeout() 1105 Expect(session).Should(Exit(0)) 1106 Expect(session.OutputToString()).To(ContainSubstring("search dns.podman")) 1107 }) 1108 1109 It("Rootless podman run with --net=bridge works and connects to default network", func() { 1110 // This is harmless when run as root, so we'll just let it run. 1111 ctrName := "testctr" 1112 ctr := podmanTest.Podman([]string{"run", "-d", "--net=bridge", "--name", ctrName, ALPINE, "top"}) 1113 ctr.WaitWithDefaultTimeout() 1114 Expect(ctr).Should(Exit(0)) 1115 1116 inspectOut := podmanTest.InspectContainer(ctrName) 1117 Expect(inspectOut).To(HaveLen(1)) 1118 Expect(inspectOut[0].NetworkSettings.Networks).To(HaveLen(1)) 1119 Expect(inspectOut[0].NetworkSettings.Networks).To(HaveKey("podman")) 1120 }) 1121 1122 // see https://github.com/containers/podman/issues/12972 1123 It("podman run check network-alias works on networks without dns", func() { 1124 net := "dns" + stringid.GenerateNonCryptoID() 1125 session := podmanTest.Podman([]string{"network", "create", "--disable-dns", net}) 1126 session.WaitWithDefaultTimeout() 1127 defer podmanTest.removeNetwork(net) 1128 Expect(session).Should(Exit(0)) 1129 1130 session = podmanTest.Podman([]string{"run", "--network", net, "--network-alias", "abcdef", ALPINE, "true"}) 1131 session.WaitWithDefaultTimeout() 1132 Expect(session).Should(Exit(0)) 1133 }) 1134 1135 It("podman run with ipam none driver", func() { 1136 // Test fails, issue #13931 1137 SkipIfNetavark(podmanTest) 1138 net := "ipam" + stringid.GenerateNonCryptoID() 1139 session := podmanTest.Podman([]string{"network", "create", "--ipam-driver=none", net}) 1140 session.WaitWithDefaultTimeout() 1141 defer podmanTest.removeNetwork(net) 1142 Expect(session).Should(Exit(0)) 1143 1144 session = podmanTest.Podman([]string{"run", "--network", net, ALPINE, "ip", "addr", "show", "eth0"}) 1145 session.WaitWithDefaultTimeout() 1146 Expect(session).Should(Exit(0)) 1147 Expect(session.OutputToStringArray()).To(HaveLen(4), "output should only show link local address") 1148 }) 1149 })