Merge pull request #100433 from Patryk27/fixes/38509

nixos/containers: allow containers with long names to create private networks
2021-02-26 21:35:07 +01:00 · 2021-02-26 21:35:07 +01:00 · 1624ae8a96
commit 1624ae8a96
parent b4389c0736 336ef2de99
16 changed files with 86 additions and 63 deletions
--- a/nixos/modules/virtualisation/nixos-containers.nix
+++ b/nixos/modules/virtualisation/nixos-containers.nix
@ -271,8 +271,8 @@ let
    DeviceAllow = map (d: "${d.node} ${d.modifier}") cfg.allowedDevices;
  };
  system = config.nixpkgs.localSystem.system;
  kernelVersion = config.boot.kernelPackages.kernel.version;
  bindMountOpts = { name, ... }: {
@ -321,7 +321,6 @@ let
    };
  };
  mkBindFlag = d:
               let flagPrefix = if d.isReadOnly then " --bind-ro=" else " --bind=";
                   mountstr = if d.hostPath != null then "${d.hostPath}:${d.mountPoint}" else "${d.mountPoint}";
@ -482,11 +481,16 @@ in
                          networking.useDHCP = false;
                          assertions = [
                            {
-                              assertion =  config.privateNetwork -> stringLength name < 12;
+                              assertion =
                                (builtins.compareVersions kernelVersion "5.8" <= 0)
                                -> config.privateNetwork
                                -> stringLength name <= 11;
                              message = ''
                                Container name `${name}` is too long: When `privateNetwork` is enabled, container names can
                                not be longer than 11 characters, because the container's interface name is derived from it.
-                                This might be fixed in the future. See https://github.com/NixOS/nixpkgs/issues/38509
+                                You should either make the container name shorter or upgrade to a more recent kernel that
                                supports interface altnames (i.e. at least Linux 5.8 - please see https://github.com/NixOS/nixpkgs/issues/38509
                                for details).
                              '';
                            }
                          ];
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -72,6 +72,7 @@ in
  containers-imperative = handleTest ./containers-imperative.nix {};
  containers-ip = handleTest ./containers-ip.nix {};
  containers-macvlans = handleTest ./containers-macvlans.nix {};
  containers-names = handleTest ./containers-names.nix {};
  containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
  containers-portforward = handleTest ./containers-portforward.nix {};
  containers-reloadable = handleTest ./containers-reloadable.nix {};
--- a/nixos/tests/containers-bridge.nix
+++ b/nixos/tests/containers-bridge.nix
@ -1,5 +1,3 @@
 # Test for NixOS' container support.
 let
  hostIp = "192.168.0.1";
  containerIp = "192.168.0.100/24";
@ -7,10 +5,10 @@ let
  containerIp6 = "fc00::2/7";
 in
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
  name = "containers-bridge";
-  meta = with pkgs.lib.maintainers; {
+  meta = {
-    maintainers = [ aristid aszlig eelco kampfschlaefer ];
+    maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
  };
  machine =
--- a/nixos/tests/containers-custom-pkgs.nix
+++ b/nixos/tests/containers-custom-pkgs.nix
@ -1,4 +1,4 @@
-import ./make-test-python.nix ({ pkgs, lib, ...} : let
+import ./make-test-python.nix ({ pkgs, lib, ... }: let
  customPkgs = pkgs.appendOverlays [ (self: super: {
    hello = super.hello.overrideAttrs (old: {
@ -8,8 +8,8 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : let
 in {
  name = "containers-custom-pkgs";
-  meta = with lib.maintainers; {
+  meta = {
-    maintainers = [ adisbladis earvstedt ];
+    maintainers = with lib.maintainers; [ adisbladis earvstedt ];
  };
  machine = { config, ... }: {
--- a/nixos/tests/containers-ephemeral.nix
+++ b/nixos/tests/containers-ephemeral.nix
@ -1,7 +1,8 @@
-# Test for NixOS' container support.
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-ephemeral";
  meta = {
    maintainers = with lib.maintainers; [ patryk27 ];
  };
  machine = { pkgs, ... }: {
    virtualisation.memorySize = 768;
--- a/nixos/tests/containers-extra_veth.nix
+++ b/nixos/tests/containers-extra_veth.nix
@ -1,9 +1,7 @@
-# Test for NixOS' container support.
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-extra_veth";
-  meta = with pkgs.lib.maintainers; {
+  meta = {
-    maintainers = [ kampfschlaefer ];
+    maintainers = with lib.maintainers; [ kampfschlaefer ];
  };
  machine =
--- a/nixos/tests/containers-hosts.nix
+++ b/nixos/tests/containers-hosts.nix
@ -1,9 +1,7 @@
-# Test for NixOS' container support.
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-hosts";
-  meta = with pkgs.lib.maintainers; {
+  meta = {
-    maintainers = [ montag451 ];
+    maintainers = with lib.maintainers; [ montag451 ];
  };
  machine =
--- a/nixos/tests/containers-imperative.nix
+++ b/nixos/tests/containers-imperative.nix
@ -1,9 +1,7 @@
-# Test for NixOS' container support.
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-imperative";
-  meta = with pkgs.lib.maintainers; {
+  meta = {
-    maintainers = [ aristid aszlig eelco kampfschlaefer ];
+    maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
  };
  machine =
--- a/nixos/tests/containers-ip.nix
+++ b/nixos/tests/containers-ip.nix
@ -1,5 +1,3 @@
 # Test for NixOS' container support.
 let
  webserverFor = hostAddress: localAddress: {
    inherit hostAddress localAddress;
@ -13,10 +11,10 @@ let
    };
  };
-in import ./make-test-python.nix ({ pkgs, ...} : {
+in import ./make-test-python.nix ({ pkgs, lib, ... }: {
  name = "containers-ipv4-ipv6";
-  meta = with pkgs.lib.maintainers; {
+  meta = {
-    maintainers = [ aristid aszlig eelco kampfschlaefer ];
+    maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
  };
  machine =
--- a/nixos/tests/containers-macvlans.nix
+++ b/nixos/tests/containers-macvlans.nix
@ -1,15 +1,13 @@
 # Test for NixOS' container support.
 let
  # containers IP on VLAN 1
  containerIp1 = "192.168.1.253";
  containerIp2 = "192.168.1.254";
 in
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
  name = "containers-macvlans";
-  meta = with pkgs.lib.maintainers; {
+  meta = {
-    maintainers = [ montag451 ];
+    maintainers = with lib.maintainers; [ montag451 ];
  };
  nodes = {
--- a/nixos/tests/containers-names.nix
+++ b/nixos/tests/containers-names.nix
@ -0,0 +1,37 @@
 import ./make-test-python.nix ({ pkgs, lib, ... }: {
  name = "containers-names";
  meta = {
    maintainers = with lib.maintainers; [ patryk27 ];
  };
  machine = { ... }: {
    # We're using the newest kernel, so that we can test containers with long names.
    # Please see https://github.com/NixOS/nixpkgs/issues/38509 for details.
    boot.kernelPackages = pkgs.linuxPackages_latest;
    containers = let
      container = subnet: {
        autoStart = true;
        privateNetwork = true;
        hostAddress = "192.168.${subnet}.1";
        localAddress = "192.168.${subnet}.2";
        config = { };
      };
     in {
      first = container "1";
      second = container "2";
      really-long-name = container "3";
      really-long-long-name-2 = container "4";
    };
  };
  testScript = ''
    machine.wait_for_unit("default.target")
    machine.succeed("ip link show | grep ve-first")
    machine.succeed("ip link show | grep ve-second")
    machine.succeed("ip link show | grep ve-really-lFYWO")
    machine.succeed("ip link show | grep ve-really-l3QgY")
  '';
 })
--- a/nixos/tests/containers-physical_interfaces.nix
+++ b/nixos/tests/containers-physical_interfaces.nix
@ -1,8 +1,7 @@
-
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-physical_interfaces";
-  meta = with pkgs.lib.maintainers; {
+  meta = {
-    maintainers = [ kampfschlaefer ];
+    maintainers = with lib.maintainers; [ kampfschlaefer ];
  };
  nodes = {
--- a/nixos/tests/containers-portforward.nix
+++ b/nixos/tests/containers-portforward.nix
@ -1,5 +1,3 @@
 # Test for NixOS' container support.
 let
  hostIp = "192.168.0.1";
  hostPort = 10080;
@ -7,10 +5,10 @@ let
  containerPort = 80;
 in
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
  name = "containers-portforward";
-  meta = with pkgs.lib.maintainers; {
+  meta = {
-    maintainers = [ aristid aszlig eelco kampfschlaefer ianwookim ];
+    maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ianwookim ];
  };
  machine =
--- a/nixos/tests/containers-reloadable.nix
+++ b/nixos/tests/containers-reloadable.nix
@ -1,7 +1,6 @@
-import ./make-test-python.nix ({ pkgs, lib, ...} :
+import ./make-test-python.nix ({ pkgs, lib, ... }:
 let
  client_base = {
    containers.test1 = {
      autoStart = true;
      config = {
@ -16,8 +15,8 @@ let
  };
 in {
  name = "containers-reloadable";
-  meta = with pkgs.lib.maintainers; {
+  meta = {
-    maintainers = [ danbst ];
+    maintainers = with lib.maintainers; [ danbst ];
  };
  nodes = {
--- a/nixos/tests/containers-restart_networking.nix
+++ b/nixos/tests/containers-restart_networking.nix
@ -1,5 +1,3 @@
 # Test for NixOS' container support.
 let
  client_base = {
    networking.firewall.enable = false;
@ -16,11 +14,11 @@ let
      };
    };
  };
-in import ./make-test-python.nix ({ pkgs, ...} :
+in import ./make-test-python.nix ({ pkgs, lib, ... }:
 {
  name = "containers-restart_networking";
-  meta = with pkgs.lib.maintainers; {
+  meta = {
-    maintainers = [ kampfschlaefer ];
+    maintainers = with lib.maintainers; [ kampfschlaefer ];
  };
  nodes = {
--- a/nixos/tests/containers-tmpfs.nix
+++ b/nixos/tests/containers-tmpfs.nix
@ -1,9 +1,7 @@
-# Test for NixOS' container support.
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-tmpfs";
-  meta = with pkgs.lib.maintainers; {
+  meta = {
-    maintainers = [ ];
+    maintainers = with lib.maintainers; [ patryk27 ];
  };
  machine =