Merge pull request #100433 from Patryk27/fixes/38509

nixos/containers: allow containers with long names to create private networks

authored by

Florian Klink and committed by
GitHub
1624ae8a b4389c07

+86 -63
+8 -4
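--- a/nixos/modules/virtualisation/nixos-containers.nix
+++ b/nixos/modules/virtualisation/nixos-containers.nix
@@ -271,8 +271,8 @@
 DeviceAllow = map (d: "${d.node} ${d.modifier}") cfg.allowedDevices;
 };
 
-
 system = config.nixpkgs.localSystem.system;
+kernelVersion = config.boot.kernelPackages.kernel.version;
 
 bindMountOpts = { name, ... }: {
 
@@ -320,7 +320,6 @@
 };
 };
 };
-
 
 mkBindFlag = d:
 let flagPrefix = if d.isReadOnly then " --bind-ro=" else " --bind=";
@@ -482,11 +481,16 @@
 networking.useDHCP = false;
 assertions = [
 {
-assertion = config.privateNetwork -> stringLength name < 12;
+assertion =
+(builtins.compareVersions kernelVersion "5.8" <= 0)
+-> config.privateNetwork
+-> stringLength name <= 11;
 message = ''
 Container name `${name}` is too long: When `privateNetwork` is enabled, container names can
 not be longer than 11 characters, because the container's interface name is derived from it.
-This might be fixed in the future. See https://github.com/NixOS/nixpkgs/issues/38509
+You should either make the container name shorter or upgrade to a more recent kernel that
+supports interface altnames (i.e. at least Linux 5.8 - please see https://github.com/NixOS/nixpkgs/issues/38509
+for details).
 '';
 }
 ];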
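Review bot: The version guard in the new assertion, `(builtins.compareVersions kernelVersion "5.8" <= 0)`, still enforces the 11-character limit when the configured kernel version is exactly `5.8`, while the message in the same hunk says altnames are available from "at least Linux 5.8". If 5.8 itself is meant to qualify, the comparison should be strict: `(builtins.compareVersions kernelVersion "5.8" < 0)`. Note also that `kernelVersion` is read from `config.boot.kernelPackages.kernel.version`, i.e. the configured kernel; a host that has switched configuration but not yet rebooted may presumably still be running an older kernel, so a comment such as `# checks the configured kernel, not the running one` above the assertion would make that limit explicit. The enclosing module block starts and ends outside the hunk.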
+1
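--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -72,6 +72,7 @@
 containers-imperative = handleTest ./containers-imperative.nix {};
 containers-ip = handleTest ./containers-ip.nix {};
 containers-macvlans = handleTest ./containers-macvlans.nix {};
+containers-names = handleTest ./containers-names.nix {};
 containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
 containers-portforward = handleTest ./containers-portforward.nix {};
 containers-reloadable = handleTest ./containers-reloadable.nix {};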
+3 -5
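--- a/nixos/tests/containers-bridge.nix
+++ b/nixos/tests/containers-bridge.nix
@@ -1,5 +1,3 @@
-# Test for NixOS' container support.
-
 let
 hostIp = "192.168.0.1";
 containerIp = "192.168.0.100/24";
@@ -7,10 +5,10 @@
 containerIp6 = "fc00::2/7";
 in
 
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 name = "containers-bridge";
-meta = with pkgs.lib.maintainers; {
-maintainers = [ aristid aszlig eelco kampfschlaefer ];
+meta = {
+maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
 };
 
 machine =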
+3 -3
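--- a/nixos/tests/containers-custom-pkgs.nix
+++ b/nixos/tests/containers-custom-pkgs.nix
@@ -1,4 +1,4 @@
-import ./make-test-python.nix ({ pkgs, lib, ...} : let
+import ./make-test-python.nix ({ pkgs, lib, ... }: let
 
 customPkgs = pkgs.appendOverlays [ (self: super: {
 hello = super.hello.overrideAttrs (old: {
@@ -8,8 +8,8 @@
 
 in {
 name = "containers-custom-pkgs";
-meta = with lib.maintainers; {
-maintainers = [ adisbladis earvstedt ];
+meta = {
+maintainers = with lib.maintainers; [ adisbladis earvstedt ];
 };
 
 machine = { config, ... }: {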
+4 -3
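--- a/nixos/tests/containers-ephemeral.nix
+++ b/nixos/tests/containers-ephemeral.nix
@@ -1,7 +1,8 @@
-# Test for NixOS' container support.
-
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 name = "containers-ephemeral";
+meta = {
+maintainers = with lib.maintainers; [ patryk27 ];
+};
 
 machine = { pkgs, ... }: {
 virtualisation.memorySize = 768;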
+3 -5
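--- a/nixos/tests/containers-extra_veth.nix
+++ b/nixos/tests/containers-extra_veth.nix
@@ -1,9 +1,7 @@
-# Test for NixOS' container support.
-
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 name = "containers-extra_veth";
-meta = with pkgs.lib.maintainers; {
-maintainers = [ kampfschlaefer ];
+meta = {
+maintainers = with lib.maintainers; [ kampfschlaefer ];
 };
 
 machine =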
+3 -5
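--- a/nixos/tests/containers-hosts.nix
+++ b/nixos/tests/containers-hosts.nix
@@ -1,9 +1,7 @@
-# Test for NixOS' container support.
-
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 name = "containers-hosts";
-meta = with pkgs.lib.maintainers; {
-maintainers = [ montag451 ];
+meta = {
+maintainers = with lib.maintainers; [ montag451 ];
 };
 
 machine =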
+3 -5
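--- a/nixos/tests/containers-imperative.nix
+++ b/nixos/tests/containers-imperative.nix
@@ -1,9 +1,7 @@
-# Test for NixOS' container support.
-
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 name = "containers-imperative";
-meta = with pkgs.lib.maintainers; {
-maintainers = [ aristid aszlig eelco kampfschlaefer ];
+meta = {
+maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
 };
 
 machine =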
+3 -5
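--- a/nixos/tests/containers-ip.nix
+++ b/nixos/tests/containers-ip.nix
@@ -1,5 +1,3 @@
-# Test for NixOS' container support.
-
 let
 webserverFor = hostAddress: localAddress: {
 inherit hostAddress localAddress;
@@ -13,10 +11,10 @@
 };
 };
 
-in import ./make-test-python.nix ({ pkgs, ...} : {
+in import ./make-test-python.nix ({ pkgs, lib, ... }: {
 name = "containers-ipv4-ipv6";
-meta = with pkgs.lib.maintainers; {
-maintainers = [ aristid aszlig eelco kampfschlaefer ];
+meta = {
+maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
 };
 
 machine =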
+3 -5
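--- a/nixos/tests/containers-macvlans.nix
+++ b/nixos/tests/containers-macvlans.nix
@@ -1,15 +1,13 @@
-# Test for NixOS' container support.
-
 let
 # containers IP on VLAN 1
 containerIp1 = "192.168.1.253";
 containerIp2 = "192.168.1.254";
 in
 
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 name = "containers-macvlans";
-meta = with pkgs.lib.maintainers; {
-maintainers = [ montag451 ];
+meta = {
+maintainers = with lib.maintainers; [ montag451 ];
 };
 
 nodes = {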
+37
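--- /dev/null
+++ b/nixos/tests/containers-names.nix
@@ -0,0 +1,37 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+name = "containers-names";
+meta = {
+maintainers = with lib.maintainers; [ patryk27 ];
+};
+
+machine = { ... }: {
+# We're using the newest kernel, so that we can test containers with long names.
+# Please see https://github.com/NixOS/nixpkgs/issues/38509 for details.
+boot.kernelPackages = pkgs.linuxPackages_latest;
+
+containers = let
+container = subnet: {
+autoStart = true;
+privateNetwork = true;
+hostAddress = "192.168.${subnet}.1";
+localAddress = "192.168.${subnet}.2";
+config = { };
+};
+
+in {
+first = container "1";
+second = container "2";
+really-long-name = container "3";
+really-long-long-name-2 = container "4";
+};
+};
+
+testScript = ''
+machine.wait_for_unit("default.target")
+
+machine.succeed("ip link show | grep ve-first")
+machine.succeed("ip link show | grep ve-second")
+machine.succeed("ip link show | grep ve-really-lFYWO")
+machine.succeed("ip link show | grep ve-really-l3QgY")
+'';
+})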
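Review bot: The expected interface names `ve-really-lFYWO` and `ve-really-l3QgY` in `testScript` are unexplained magic strings, and nothing in the test checks that the full container name is still attached to the link. A comment above those two lines, such as `# Names over the kernel's interface-name limit are shortened with a hash suffix; these are the resulting host-side names`, would tell the next maintainer why these values are expected and that they will change if the shortening scheme changes (the code that derives them is not part of this diff). It would also be worth stating in the module documentation that, for such containers, host-side firewall or NAT rules keyed on `ve-<container name>` presumably will not match the shortened interface name.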
+3 -4
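--- a/nixos/tests/containers-physical_interfaces.nix
+++ b/nixos/tests/containers-physical_interfaces.nix
@@ -1,8 +1,7 @@
-
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 name = "containers-physical_interfaces";
-meta = with pkgs.lib.maintainers; {
-maintainers = [ kampfschlaefer ];
+meta = {
+maintainers = with lib.maintainers; [ kampfschlaefer ];
 };
 
 nodes = {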
+3 -5
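--- a/nixos/tests/containers-portforward.nix
+++ b/nixos/tests/containers-portforward.nix
@@ -1,5 +1,3 @@
-# Test for NixOS' container support.
-
 let
 hostIp = "192.168.0.1";
 hostPort = 10080;
@@ -7,10 +5,10 @@
 containerPort = 80;
 in
 
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 name = "containers-portforward";
-meta = with pkgs.lib.maintainers; {
-maintainers = [ aristid aszlig eelco kampfschlaefer ianwookim ];
+meta = {
+maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ianwookim ];
 };
 
 machine =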
+3 -4
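--- a/nixos/tests/containers-reloadable.nix
+++ b/nixos/tests/containers-reloadable.nix
@@ -1,7 +1,6 @@
-import ./make-test-python.nix ({ pkgs, lib, ...} :
+import ./make-test-python.nix ({ pkgs, lib, ... }:
 let
 client_base = {
-
 containers.test1 = {
 autoStart = true;
 config = {
@@ -16,8 +15,8 @@
 };
 in {
 name = "containers-reloadable";
-meta = with pkgs.lib.maintainers; {
-maintainers = [ danbst ];
+meta = {
+maintainers = with lib.maintainers; [ danbst ];
 };
 
 nodes = {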
+3 -5
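--- a/nixos/tests/containers-restart_networking.nix
+++ b/nixos/tests/containers-restart_networking.nix
@@ -1,5 +1,3 @@
-# Test for NixOS' container support.
-
 let
 client_base = {
 networking.firewall.enable = false;
@@ -16,11 +14,11 @@
 };
 };
 };
-in import ./make-test-python.nix ({ pkgs, ...} :
+in import ./make-test-python.nix ({ pkgs, lib, ... }:
 {
 name = "containers-restart_networking";
-meta = with pkgs.lib.maintainers; {
-maintainers = [ kampfschlaefer ];
+meta = {
+maintainers = with lib.maintainers; [ kampfschlaefer ];
 };
 
 nodes = {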
+3 -5
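--- a/nixos/tests/containers-tmpfs.nix
+++ b/nixos/tests/containers-tmpfs.nix
@@ -1,9 +1,7 @@
-# Test for NixOS' container support.
-
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 name = "containers-tmpfs";
-meta = with pkgs.lib.maintainers; {
-maintainers = [ ];
+meta = {
+maintainers = with lib.maintainers; [ patryk27 ];
 };
 
 machine =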