containers: hostbridge and IPv6#14018

Merged
fpletz merged 4 commits into NixOS:master from kampfschlaefer:feature/hostbridge_and_ipv6_for_containers
Apr 24, 2016

@kampfschlaefer
Contributor

These patches achieve two things that extend containers to make them more usable (at least for me):

  • Add IPv6 addresses for containers
    With this the containers can get one IPv6 address in addition to the IPv4 address. Or only an IPv6 address ;-)
  • Put the host-side of the veth-pair into an existing bridge
    It's also now possible to define the host-side bridge the container's interface should be placed in. Then only the container-side of the addresses is needed.

Supersedes #12736

cc @fpletz
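
The two features described in the post above, as an added configuration sketch that is not part of the original pull request or its test suite. The option names are those of the NixOS containers module; the host-side interface options follow current NixOS naming, and every container name, bridge name and address is constructed for illustration.

```nix
# Added illustration: names and addresses below are constructed.
{ ... }:
{
  # Host side: an existing bridge that the host end of the veth pair joins.
  networking.bridges.br0.interfaces = [ ];
  networking.interfaces.br0 = {
    ipv4.addresses = [ { address = "192.168.0.1"; prefixLength = 24; } ];
    ipv6.addresses = [ { address = "fd00:0:0:1::1"; prefixLength = 64; } ];
  };

  # Bridged container: only the container-side addresses are set,
  # each with its prefix length attached.
  containers.web = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0";
    localAddress = "192.168.0.100/24";
    localAddress6 = "fd00:0:0:1::2/64";
    config = { ... }: {
      # Open only the port the container is meant to serve.
      networking.firewall.allowedTCPPorts = [ 80 ];
    };
  };

  # Unbridged, IPv6-only container: both ends of the veth pair get an
  # IPv6 address and no IPv4 address is configured.
  containers.v6only = {
    privateNetwork = true;
    hostAddress6 = "fd00:0:0:2::1";
    localAddress6 = "fd00:0:0:2::2";
    config = { ... }: {
      networking.firewall.allowedTCPPorts = [ 80 ];
    };
  };
}
```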

@mention-bot

By analyzing the blame information on this pull request, we identified @edolstra, @aszlig and @aristidb to be potential reviewers

@valeriangalliat valeriangalliat mentioned this pull request Mar 18, 2016
@joachifm joachifm added 0.kind: enhancement Add something new or improve an existing system. 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS labels Mar 18, 2016
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
};

testScript =
Member

This test fails for me because there is no nameserver available:

machine# error checking the existence of http://tarballs.nixos.org/sha256/13i04dkd709f0p5f2413sf2y9321pfi4y85ynf8wih6ryphnbk9x:
machine# curl: (6) name lookup timed out
machine# 
machine# trying http://www.docbook.org/xml/5.0/docbook-5.0.zip
machine# Warning: Transient problem: timeout Will retry in 1 seconds. 3 retries left.
machine# Warning: Transient problem: timeout Will retry in 2 seconds. 2 retries left.
machine# Warning: Transient problem: timeout Will retry in 4 seconds. 1 retries left.
machine# curl: (6) Couldn't resolve host 'www.docbook.org'
machine# error: cannot download docbook-5.0.zip from any mirror
machine# builder for ‘/nix/store/mh8hylyfkrmbhjbpz4xkz8f8lx3hcbvc-docbook-5.0.zip.drv’ failed with exit code 1

Contributor Author

Interesting. Didn't fail here. I will look at this in the next days. Maybe it's because of the order in which the test cases were executed? Could be that running the imperative tests standalone and before the declarative tests reveals a missing configuration…

Contributor Author

@fpletz
Hm, I re-ran these tests on three different machines (two ubuntu1404+nix, one nixos15.09) with cleaned nix-store but couldn't encounter this. Maybe the problem really was resolution of docbook.org at the time you ran the test?

Member

Thanks for testing this on different machines. I'll give it another shot.

@kampfschlaefer
Contributor Author

I noticed that this is yet missing a wants/after per to start containers with hostbridge option only after the network devices are started. Maybe I can integrate parts of #3021 to do that.

@kampfschlaefer kampfschlaefer force-pushed the feature/hostbridge_and_ipv6_for_containers branch from a15390d to 776accb Compare April 2, 2016 13:03
This allows the containers to have their interface in a bridge on the host.
Also this adds IPv6 addresses to the containers both with bridged and unbridged
network.
A testcase each for
- declarative ipv6-only container
  Seems odd to define the container IPs with their prefix length attached.
  There should be a better way…
- declarative bridged container

Also fix the ping test by waiting for the container to start

When the ping was executed, the container might not have finished starting. Or
the host-side of the container wasn't finished with config. Waiting for
2 seconds in between fixes this.
Without the templating (which is still present for imperative containers), it
will be possible to set individual dependencies. Like depending on the network
only if the hostbridge or hardware interfaces are used.

Ported from NixOS#3021
@kampfschlaefer kampfschlaefer force-pushed the feature/hostbridge_and_ipv6_for_containers branch from 776accb to 3c819f2 Compare April 2, 2016 15:21
@kampfschlaefer
Contributor Author

@fpletz Extending the containers will probably be an endless endeavor. But this now has ipv6, host bridge, real service definitions and tests. I think this is ready for merging into master (would have loved to have this in 16.03).

Making the boot-dependency on network.target only for containers needing it and the macvlans are subject for the next future PRs.

PS: rebased this against the last nixos-unstable-small channel.

@fpletz fpletz self-assigned this Apr 18, 2016
@fpletz
Member

fpletz commented Apr 24, 2016

Thanks! Tested and works as intended. Looking forward to further improvements! ;)

@fpletz fpletz merged commit 8cca66f into NixOS:master Apr 24, 2016
@edolstra
Member

BTW, having things like sleep 2 is guaranteed to cause random test failures in our build farm.
