/
balmaster
/
podman
GigaCode
beta
ОбзорЦентр заботыВойти

podman

Форк
0
Ветки: 55Коммиты: 22365Теги: 216
podman
/test
/e2e
/
run_networking_test.go 
1209 строк · 54.0 Кб
1
package integration
2


3
import (
4
	"encoding/json"
5
	"fmt"
6
	"net"
7
	"os"
8
	"strconv"
9
	"strings"
10
	"syscall"
11


12
	"github.com/containernetworking/plugins/pkg/ns"
13
	"github.com/containers/podman/v5/pkg/domain/entities"
14
	. "github.com/containers/podman/v5/test/utils"
15
	"github.com/containers/storage/pkg/stringid"
16
	. "github.com/onsi/ginkgo/v2"
17
	. "github.com/onsi/gomega"
18
	. "github.com/onsi/gomega/gexec"
19
	"github.com/vishvananda/netlink"
20
)
21


22
var _ = Describe("Podman run networking", func() {
23


24
	hostname, _ := os.Hostname()
25


26
	It("podman verify network scoped DNS server and also verify updating network dns server", func() {
27
		// Following test is only functional with netavark and aardvark
28
		SkipIfCNI(podmanTest)
29
		net := createNetworkName("IntTest")
30
		session := podmanTest.Podman([]string{"network", "create", net, "--dns", "1.1.1.1"})
31
		session.WaitWithDefaultTimeout()
32
		defer podmanTest.removeNetwork(net)
33
		Expect(session).Should(ExitCleanly())
34


35
		session = podmanTest.Podman([]string{"network", "inspect", net})
36
		session.WaitWithDefaultTimeout()
37
		defer podmanTest.removeNetwork(net)
38
		Expect(session).Should(ExitCleanly())
39
		var results []entities.NetworkInspectReport
40
		err := json.Unmarshal([]byte(session.OutputToString()), &results)
41
		Expect(err).ToNot(HaveOccurred())
42
		Expect(results).To(HaveLen(1))
43
		result := results[0]
44
		Expect(result.Subnets).To(HaveLen(1))
45
		aardvarkDNSGateway := result.Subnets[0].Gateway.String()
46
		Expect(result.NetworkDNSServers).To(Equal([]string{"1.1.1.1"}))
47


48
		session = podmanTest.Podman([]string{"run", "-d", "--name", "con1", "--network", net, "busybox", "top"})
49
		session.WaitWithDefaultTimeout()
50
		Expect(session).Should(ExitCleanly())
51


52
		session = podmanTest.Podman([]string{"exec", "con1", "nslookup", "google.com", aardvarkDNSGateway})
53
		session.WaitWithDefaultTimeout()
54
		Expect(session).Should(ExitCleanly())
55
		Expect(session.OutputToString()).To(ContainSubstring("Non-authoritative answer: Name: google.com Address:"))
56


57
		// Update to a bad DNS Server
58
		session = podmanTest.Podman([]string{"network", "update", net, "--dns-add", "127.0.0.255"})
59
		session.WaitWithDefaultTimeout()
60
		Expect(session).Should(ExitCleanly())
61


62
		// Remove good DNS server
63
		session = podmanTest.Podman([]string{"network", "update", net, "--dns-drop=1.1.1.1"})
64
		session.WaitWithDefaultTimeout()
65
		Expect(session).Should(ExitCleanly())
66


67
		session = podmanTest.Podman([]string{"exec", "con1", "nslookup", "google.com", aardvarkDNSGateway})
68
		session.WaitWithDefaultTimeout()
69
		Expect(session).Should(Exit(1))
70
		Expect(session.OutputToString()).To(ContainSubstring(";; connection timed out; no servers could be reached"))
71
	})
72


73
	It("podman network dns multiple servers", func() {
74
		// Following test is only functional with netavark and aardvark
75
		SkipIfCNI(podmanTest)
76
		net := createNetworkName("IntTest")
77
		session := podmanTest.Podman([]string{"network", "create", net, "--dns", "1.1.1.1,8.8.8.8", "--dns", "8.4.4.8"})
78
		session.WaitWithDefaultTimeout()
79
		defer podmanTest.removeNetwork(net)
80
		Expect(session).Should(ExitCleanly())
81


82
		session = podmanTest.Podman([]string{"network", "inspect", net})
83
		session.WaitWithDefaultTimeout()
84
		defer podmanTest.removeNetwork(net)
85
		Expect(session).Should(ExitCleanly())
86
		var results []entities.NetworkInspectReport
87
		err := json.Unmarshal([]byte(session.OutputToString()), &results)
88
		Expect(err).ToNot(HaveOccurred())
89
		Expect(results).To(HaveLen(1))
90
		result := results[0]
91
		Expect(result.Subnets).To(HaveLen(1))
92
		aardvarkDNSGateway := result.Subnets[0].Gateway.String()
93
		Expect(result.NetworkDNSServers).To(Equal([]string{"1.1.1.1", "8.8.8.8", "8.4.4.8"}))
94


95
		session = podmanTest.Podman([]string{"run", "-d", "--name", "con1", "--network", net, "busybox", "top"})
96
		session.WaitWithDefaultTimeout()
97
		Expect(session).Should(ExitCleanly())
98


99
		session = podmanTest.Podman([]string{"exec", "con1", "nslookup", "google.com", aardvarkDNSGateway})
100
		session.WaitWithDefaultTimeout()
101
		Expect(session).Should(ExitCleanly())
102
		Expect(session.OutputToString()).To(ContainSubstring("Non-authoritative answer: Name: google.com Address:"))
103


104
		// Update DNS server
105
		session = podmanTest.Podman([]string{"network", "update", net, "--dns-drop=1.1.1.1,8.8.8.8",
106
			"--dns-drop", "8.4.4.8", "--dns-add", "127.0.0.253,127.0.0.254", "--dns-add", "127.0.0.255"})
107
		session.WaitWithDefaultTimeout()
108
		Expect(session).Should(ExitCleanly())
109


110
		session = podmanTest.Podman([]string{"network", "inspect", net})
111
		session.WaitWithDefaultTimeout()
112
		defer podmanTest.removeNetwork(net)
113
		Expect(session).Should(ExitCleanly())
114
		err = json.Unmarshal([]byte(session.OutputToString()), &results)
115
		Expect(err).ToNot(HaveOccurred())
116
		Expect(results).To(HaveLen(1))
117
		Expect(results[0].NetworkDNSServers).To(Equal([]string{"127.0.0.253", "127.0.0.254", "127.0.0.255"}))
118


119
		session = podmanTest.Podman([]string{"exec", "con1", "nslookup", "google.com", aardvarkDNSGateway})
120
		session.WaitWithDefaultTimeout()
121
		Expect(session).Should(Exit(1))
122
		Expect(session.OutputToString()).To(ContainSubstring(";; connection timed out; no servers could be reached"))
123
	})
124


125
	It("podman run network connection with default bridge", func() {
126
		session := podmanTest.RunContainerWithNetworkTest("")
127
		session.WaitWithDefaultTimeout()
128
		Expect(session).Should(ExitCleanly())
129
	})
130


131
	It("podman run network connection with host", func() {
132
		session := podmanTest.RunContainerWithNetworkTest("host")
133
		session.WaitWithDefaultTimeout()
134
		Expect(session).Should(ExitCleanly())
135
	})
136


137
	It("podman run network connection with default", func() {
138
		session := podmanTest.RunContainerWithNetworkTest("default")
139
		session.WaitWithDefaultTimeout()
140
		Expect(session).Should(ExitCleanly())
141
	})
142


143
	It("podman run network connection with none", func() {
144
		session := podmanTest.RunContainerWithNetworkTest("none")
145
		session.WaitWithDefaultTimeout()
146
		if _, found := os.LookupEnv("http_proxy"); found {
147
			Expect(session).Should(Exit(5))
148
			Expect(session.ErrorToString()).To(ContainSubstring("Could not resolve proxy:"))
149
		} else {
150
			Expect(session).Should(Exit(6))
151
			Expect(session.ErrorToString()).To(ContainSubstring("Could not resolve host: www.redhat.com"))
152
		}
153
	})
154


155
	It("podman run network connection with private", func() {
156
		session := podmanTest.RunContainerWithNetworkTest("private")
157
		session.WaitWithDefaultTimeout()
158
		Expect(session).Should(ExitCleanly())
159
	})
160


161
	It("podman verify resolv.conf with --dns + --network", func() {
162
		// Following test is only functional with netavark and aardvark
163
		// since new behaviour depends upon output from of statusBlock
164
		SkipIfCNI(podmanTest)
165
		net := createNetworkName("IntTest")
166
		session := podmanTest.Podman([]string{"network", "create", net})
167
		session.WaitWithDefaultTimeout()
168
		defer podmanTest.removeNetwork(net)
169
		Expect(session).Should(ExitCleanly())
170


171
		session = podmanTest.Podman([]string{"run", "--name", "con1", "--dns", "1.1.1.1", "--network", net, ALPINE, "cat", "/etc/resolv.conf"})
172
		session.WaitWithDefaultTimeout()
173
		Expect(session).Should(ExitCleanly())
174
		// Must not contain custom dns server in containers
175
		// `/etc/resolv.conf` since custom dns-server is
176
		// already expected to be present and processed by
177
		// Podman's DNS resolver i.e ( aarvark-dns or dnsname ).
178
		Expect(session.OutputToString()).ToNot(ContainSubstring("nameserver 1.1.1.1"))
179
		// But /etc/resolve.conf must contain other nameserver
180
		// i.e dns server configured for network.
181
		Expect(session.OutputToString()).To(ContainSubstring("nameserver"))
182


183
		session = podmanTest.Podman([]string{"run", "--name", "con2", "--dns", "1.1.1.1", ALPINE, "cat", "/etc/resolv.conf"})
184
		session.WaitWithDefaultTimeout()
185
		Expect(session).Should(ExitCleanly())
186
		// All the networks being used by following container
187
		// don't have dns_enabled in such scenario `/etc/resolv.conf`
188
		// must contain nameserver which were specified via `--dns`.
189
		Expect(session.OutputToString()).To(ContainSubstring("nameserver 1.1.1.1"))
190
	})
191


192
	It("podman run network expose port 222", func() {
193
		SkipIfRootless("iptables is not supported for rootless users")
194
		session := podmanTest.Podman([]string{"run", "-dt", "--expose", "222-223", "-P", ALPINE, "/bin/sh"})
195
		session.WaitWithDefaultTimeout()
196
		Expect(session).Should(ExitCleanly())
197
		results := SystemExec("iptables", []string{"-t", "nat", "-nvL"})
198
		Expect(results).Should(ExitCleanly())
199
		Expect(results.OutputToString()).To(ContainSubstring("222"))
200
		Expect(results.OutputToString()).To(ContainSubstring("223"))
201
	})
202


203
	It("podman run -p 80", func() {
204
		name := "testctr"
205
		session := podmanTest.Podman([]string{"create", "-t", "-p", "80", "--name", name, ALPINE, "/bin/sh"})
206
		session.WaitWithDefaultTimeout()
207
		inspectOut := podmanTest.InspectContainer(name)
208
		Expect(inspectOut).To(HaveLen(1))
209
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
210
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1))
211
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80")))
212
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
213
	})
214


215
	It("podman run -p 80-82 -p 8090:8090", func() {
216
		name := "testctr"
217
		session := podmanTest.Podman([]string{"create", "-t", "-p", "80-82", "-p", "8090:8090", "--name", name, ALPINE, "/bin/sh"})
218
		session.WaitWithDefaultTimeout()
219
		inspectOut := podmanTest.InspectContainer(name)
220
		Expect(inspectOut).To(HaveLen(1))
221
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(4))
222
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1))
223
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80")))
224
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
225
		Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"]).To(HaveLen(1))
226
		Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"][0].HostPort).To(Not(Equal("81")))
227
		Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
228
		Expect(inspectOut[0].NetworkSettings.Ports["82/tcp"]).To(HaveLen(1))
229
		Expect(inspectOut[0].NetworkSettings.Ports["82/tcp"][0].HostPort).To(Not(Equal("82")))
230
		Expect(inspectOut[0].NetworkSettings.Ports["82/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
231
		Expect(inspectOut[0].NetworkSettings.Ports["8090/tcp"]).To(HaveLen(1))
232
		Expect(inspectOut[0].NetworkSettings.Ports["8090/tcp"][0]).To(HaveField("HostPort", "8090"))
233
		Expect(inspectOut[0].NetworkSettings.Ports["8090/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
234
	})
235


236
	It("podman run -p 80-81 -p 8180-8181", func() {
237
		name := "testctr"
238
		session := podmanTest.Podman([]string{"create", "-t", "-p", "80-81", "-p", "8180-8181", "--name", name, ALPINE, "/bin/sh"})
239
		session.WaitWithDefaultTimeout()
240
		inspectOut := podmanTest.InspectContainer(name)
241
		Expect(inspectOut).To(HaveLen(1))
242
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(4))
243
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1))
244
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80")))
245
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
246
		Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"]).To(HaveLen(1))
247
		Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"][0].HostPort).To(Not(Equal("81")))
248
		Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
249
		Expect(inspectOut[0].NetworkSettings.Ports["8180/tcp"]).To(HaveLen(1))
250
		Expect(inspectOut[0].NetworkSettings.Ports["8180/tcp"][0].HostPort).To(Not(Equal("8180")))
251
		Expect(inspectOut[0].NetworkSettings.Ports["8180/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
252
		Expect(inspectOut[0].NetworkSettings.Ports["8181/tcp"]).To(HaveLen(1))
253
		Expect(inspectOut[0].NetworkSettings.Ports["8181/tcp"][0].HostPort).To(Not(Equal("8181")))
254
		Expect(inspectOut[0].NetworkSettings.Ports["8181/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
255
	})
256


257
	It("podman run -p 80 -p 8280-8282:8280-8282", func() {
258
		name := "testctr"
259
		session := podmanTest.Podman([]string{"create", "-t", "-p", "80", "-p", "8280-8282:8280-8282", "--name", name, ALPINE, "/bin/sh"})
260
		session.WaitWithDefaultTimeout()
261
		inspectOut := podmanTest.InspectContainer(name)
262
		Expect(inspectOut).To(HaveLen(1))
263
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(4))
264
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1))
265
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80")))
266
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
267
		Expect(inspectOut[0].NetworkSettings.Ports["8280/tcp"]).To(HaveLen(1))
268
		Expect(inspectOut[0].NetworkSettings.Ports["8280/tcp"][0]).To(HaveField("HostPort", "8280"))
269
		Expect(inspectOut[0].NetworkSettings.Ports["8280/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
270
		Expect(inspectOut[0].NetworkSettings.Ports["8281/tcp"]).To(HaveLen(1))
271
		Expect(inspectOut[0].NetworkSettings.Ports["8281/tcp"][0]).To(HaveField("HostPort", "8281"))
272
		Expect(inspectOut[0].NetworkSettings.Ports["8281/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
273
		Expect(inspectOut[0].NetworkSettings.Ports["8282/tcp"]).To(HaveLen(1))
274
		Expect(inspectOut[0].NetworkSettings.Ports["8282/tcp"][0]).To(HaveField("HostPort", "8282"))
275
		Expect(inspectOut[0].NetworkSettings.Ports["8282/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
276
	})
277


278
	It("podman run -p 8380:80", func() {
279
		name := "testctr"
280
		session := podmanTest.Podman([]string{"create", "-t", "-p", "8380:80", "--name", name, ALPINE, "/bin/sh"})
281
		session.WaitWithDefaultTimeout()
282
		inspectOut := podmanTest.InspectContainer(name)
283
		Expect(inspectOut).To(HaveLen(1))
284
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
285
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1))
286
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostPort", "8380"))
287
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
288
	})
289


290
	It("podman run -p 8480:80/TCP", func() {
291
		name := "testctr"
292
		// "TCP" in upper characters
293
		session := podmanTest.Podman([]string{"create", "-t", "-p", "8480:80/TCP", "--name", name, ALPINE, "/bin/sh"})
294
		session.WaitWithDefaultTimeout()
295
		inspectOut := podmanTest.InspectContainer(name)
296
		Expect(inspectOut).To(HaveLen(1))
297
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
298
		// "tcp" in lower characters
299
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1))
300
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostPort", "8480"))
301
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
302
	})
303


304
	It("podman run -p 80/udp", func() {
305
		name := "testctr"
306
		session := podmanTest.Podman([]string{"create", "-t", "-p", "80/udp", "--name", name, ALPINE, "/bin/sh"})
307
		session.WaitWithDefaultTimeout()
308
		inspectOut := podmanTest.InspectContainer(name)
309
		Expect(inspectOut).To(HaveLen(1))
310
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
311
		Expect(inspectOut[0].NetworkSettings.Ports["80/udp"]).To(HaveLen(1))
312
		Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0].HostPort).To(Not(Equal("80")))
313
		Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0]).To(HaveField("HostIP", "0.0.0.0"))
314
	})
315


316
	It("podman run -p 127.0.0.1:8580:80", func() {
317
		name := "testctr"
318
		session := podmanTest.Podman([]string{"create", "-t", "-p", "127.0.0.1:8580:80", "--name", name, ALPINE, "/bin/sh"})
319
		session.WaitWithDefaultTimeout()
320
		inspectOut := podmanTest.InspectContainer(name)
321
		Expect(inspectOut).To(HaveLen(1))
322
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
323
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1))
324
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostPort", "8580"))
325
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "127.0.0.1"))
326
	})
327


328
	It("podman run -p 127.0.0.1:8680:80/udp", func() {
329
		name := "testctr"
330
		session := podmanTest.Podman([]string{"create", "-t", "-p", "127.0.0.1:8680:80/udp", "--name", name, ALPINE, "/bin/sh"})
331
		session.WaitWithDefaultTimeout()
332
		inspectOut := podmanTest.InspectContainer(name)
333
		Expect(inspectOut).To(HaveLen(1))
334
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
335
		Expect(inspectOut[0].NetworkSettings.Ports["80/udp"]).To(HaveLen(1))
336
		Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0]).To(HaveField("HostPort", "8680"))
337
		Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0]).To(HaveField("HostIP", "127.0.0.1"))
338
	})
339


340
	It("podman run -p [::1]:8780:80/udp", func() {
341
		name := "testctr"
342
		session := podmanTest.Podman([]string{"create", "-t", "-p", "[::1]:8780:80/udp", "--name", name, ALPINE, "/bin/sh"})
343
		session.WaitWithDefaultTimeout()
344
		inspectOut := podmanTest.InspectContainer(name)
345
		Expect(inspectOut).To(HaveLen(1))
346
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
347
		Expect(inspectOut[0].NetworkSettings.Ports["80/udp"]).To(HaveLen(1))
348
		Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0]).To(HaveField("HostPort", "8780"))
349
		Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0]).To(HaveField("HostIP", "::1"))
350
	})
351


352
	It("podman run -p [::1]:8880:80/tcp", func() {
353
		name := "testctr"
354
		session := podmanTest.Podman([]string{"create", "-t", "-p", "[::1]:8880:80/tcp", "--name", name, ALPINE, "/bin/sh"})
355
		session.WaitWithDefaultTimeout()
356
		inspectOut := podmanTest.InspectContainer(name)
357
		Expect(inspectOut).To(HaveLen(1))
358
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
359
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1))
360
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostPort", "8880"))
361
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "::1"))
362
	})
363


364
	It("podman run --expose 80 -P", func() {
365
		name := "testctr"
366
		session := podmanTest.Podman([]string{"create", "-t", "--expose", "80", "-P", "--name", name, ALPINE, "/bin/sh"})
367
		session.WaitWithDefaultTimeout()
368
		inspectOut := podmanTest.InspectContainer(name)
369
		Expect(inspectOut).To(HaveLen(1))
370
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
371
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1))
372
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("0")))
373
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
374
	})
375


376
	It("podman run --expose 80/udp -P", func() {
377
		name := "testctr"
378
		session := podmanTest.Podman([]string{"create", "-t", "--expose", "80/udp", "-P", "--name", name, ALPINE, "/bin/sh"})
379
		session.WaitWithDefaultTimeout()
380
		inspectOut := podmanTest.InspectContainer(name)
381
		Expect(inspectOut).To(HaveLen(1))
382
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
383
		Expect(inspectOut[0].NetworkSettings.Ports["80/udp"]).To(HaveLen(1))
384
		Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0].HostPort).To(Not(Equal("0")))
385
		Expect(inspectOut[0].NetworkSettings.Ports["80/udp"][0]).To(HaveField("HostIP", "0.0.0.0"))
386
	})
387


388
	It("podman run --expose 80 -p 80", func() {
389
		name := "testctr"
390
		session := podmanTest.Podman([]string{"create", "-t", "--expose", "80", "-p", "80", "--name", name, ALPINE, "/bin/sh"})
391
		session.WaitWithDefaultTimeout()
392
		inspectOut := podmanTest.InspectContainer(name)
393
		Expect(inspectOut).To(HaveLen(1))
394
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
395
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1))
396
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80")))
397
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
398
	})
399


400
	It("podman run --publish-all with EXPOSE port ranges in Dockerfile", func() {
401
		// Test port ranges, range with protocol and with an overlapping port
402
		podmanTest.AddImageToRWStore(ALPINE)
403
		dockerfile := fmt.Sprintf(`FROM %s
404
EXPOSE 2002
405
EXPOSE 2001-2003
406
EXPOSE 2004-2005/tcp`, ALPINE)
407
		imageName := "testimg"
408
		podmanTest.BuildImage(dockerfile, imageName, "false")
409


410
		// Verify that the buildah is just passing through the EXPOSE keys
411
		inspect := podmanTest.Podman([]string{"inspect", imageName})
412
		inspect.WaitWithDefaultTimeout()
413
		image := inspect.InspectImageJSON()
414
		Expect(image).To(HaveLen(1))
415
		Expect(image[0].Config.ExposedPorts).To(HaveLen(3))
416
		Expect(image[0].Config.ExposedPorts).To(HaveKey("2002/tcp"))
417
		Expect(image[0].Config.ExposedPorts).To(HaveKey("2001-2003/tcp"))
418
		Expect(image[0].Config.ExposedPorts).To(HaveKey("2004-2005/tcp"))
419


420
		containerName := "testcontainer"
421
		session := podmanTest.Podman([]string{"create", "--publish-all", "--name", containerName, imageName, "true"})
422
		session.WaitWithDefaultTimeout()
423
		inspectOut := podmanTest.InspectContainer(containerName)
424
		Expect(inspectOut).To(HaveLen(1))
425


426
		// Inspect the network settings with available ports to be mapped to the host
427
		// Don't need to verity HostConfig.PortBindings since we used --publish-all
428
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(5))
429
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("2001/tcp"))
430
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("2002/tcp"))
431
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("2003/tcp"))
432
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("2004/tcp"))
433
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("2005/tcp"))
434
		Expect(inspectOut[0].HostConfig.PublishAllPorts).To(BeTrue())
435
	})
436


437
	It("podman run -p 127.0.0.1::8980/udp", func() {
438
		name := "testctr"
439
		session := podmanTest.Podman([]string{"create", "-t", "-p", "127.0.0.1::8980/udp", "--name", name, ALPINE, "/bin/sh"})
440
		session.WaitWithDefaultTimeout()
441
		inspectOut := podmanTest.InspectContainer(name)
442
		Expect(inspectOut).To(HaveLen(1))
443
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
444
		Expect(inspectOut[0].NetworkSettings.Ports["8980/udp"]).To(HaveLen(1))
445
		Expect(inspectOut[0].NetworkSettings.Ports["8980/udp"][0].HostPort).To(Not(Equal("8980")))
446
		Expect(inspectOut[0].NetworkSettings.Ports["8980/udp"][0]).To(HaveField("HostIP", "127.0.0.1"))
447
	})
448


449
	It("podman run -p :8181", func() {
450
		name := "testctr"
451
		session := podmanTest.Podman([]string{"create", "-t", "-p", ":8181", "--name", name, ALPINE, "/bin/sh"})
452
		session.WaitWithDefaultTimeout()
453
		inspectOut := podmanTest.InspectContainer(name)
454
		Expect(inspectOut).To(HaveLen(1))
455
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
456
		Expect(inspectOut[0].NetworkSettings.Ports["8181/tcp"]).To(HaveLen(1))
457
		Expect(inspectOut[0].NetworkSettings.Ports["8181/tcp"][0].HostPort).To(Not(Equal("8181")))
458
		Expect(inspectOut[0].NetworkSettings.Ports["8181/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
459
	})
460


461
	It("podman run -p xxx:8080 -p yyy:8080", func() {
462
		name := "testctr"
463
		session := podmanTest.Podman([]string{"create", "-t", "-p", "4444:8080", "-p", "5555:8080", "--name", name, ALPINE, "/bin/sh"})
464
		session.WaitWithDefaultTimeout()
465
		inspectOut := podmanTest.InspectContainer(name)
466
		Expect(inspectOut).To(HaveLen(1))
467
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
468
		Expect(inspectOut[0].NetworkSettings.Ports["8080/tcp"]).To(HaveLen(2))
469


470
		hp1 := inspectOut[0].NetworkSettings.Ports["8080/tcp"][0].HostPort
471
		hp2 := inspectOut[0].NetworkSettings.Ports["8080/tcp"][1].HostPort
472


473
		// We can't guarantee order
474
		Expect((hp1 == "4444" && hp2 == "5555") || (hp1 == "5555" && hp2 == "4444")).To(BeTrue())
475
	})
476


477
	It("podman run -p 0.0.0.0:9280:80", func() {
478
		name := "testctr"
479
		session := podmanTest.Podman([]string{"create", "-t", "-p", "0.0.0.0:9280:80", "--name", name, ALPINE, "/bin/sh"})
480
		session.WaitWithDefaultTimeout()
481
		inspectOut := podmanTest.InspectContainer(name)
482
		Expect(inspectOut).To(HaveLen(1))
483
		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
484
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"]).To(HaveLen(1))
485
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostPort", "9280"))
486
		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "0.0.0.0"))
487
	})
488


489
	It("podman run network expose host port 80 to container port", func() {
490
		SkipIfRootless("iptables is not supported for rootless users")
491
		port1 := GetPort()
492
		port2 := GetPort()
493
		session := podmanTest.Podman([]string{"run", "-dt", "-p", fmt.Sprintf("%d:%d", port1, port2), ALPINE, "/bin/sh"})
494
		session.WaitWithDefaultTimeout()
495
		Expect(session).Should(ExitCleanly())
496
		results := SystemExec("iptables", []string{"-t", "nat", "-nvL"})
497
		Expect(results).Should(ExitCleanly())
498
		Expect(results.OutputToString()).To(ContainSubstring(strconv.Itoa(port2)))
499


500
		ncBusy := SystemExec("nc", []string{"-l", "-p", strconv.Itoa(port1)})
501
		Expect(ncBusy).To(ExitWithError())
502
	})
503


504
	It("podman run network expose host port 18081 to container port 8000 using rootlesskit port handler", func() {
505
		port1 := GetPort()
506
		port2 := GetPort()
507
		session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=rootlesskit", "-dt", "-p", fmt.Sprintf("%d:%d", port2, port1), ALPINE, "/bin/sh"})
508
		session.WaitWithDefaultTimeout()
509
		Expect(session).Should(ExitCleanly())
510


511
		ncBusy := SystemExec("nc", []string{"-l", "-p", strconv.Itoa(port2)})
512
		Expect(ncBusy).To(ExitWithError())
513
	})
514


515
	It("podman run slirp4netns verify net.ipv6.conf.default.accept_dad=0", func() {
516
		session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:enable_ipv6=true", ALPINE, "ip", "addr"})
517
		session.WaitWithDefaultTimeout()
518
		Expect(session).Should(ExitCleanly())
519
		// check the ipv6 setup id done without delay (https://github.com/containers/podman/issues/11062)
520
		Expect(session.OutputToString()).To(ContainSubstring("inet6 fd00::"))
521


522
		const ipv6ConfDefaultAcceptDadSysctl = "/proc/sys/net/ipv6/conf/all/accept_dad"
523


524
		cat := SystemExec("cat", []string{ipv6ConfDefaultAcceptDadSysctl})
525
		cat.WaitWithDefaultTimeout()
526
		Expect(cat).Should(ExitCleanly())
527
		sysctlValue := cat.OutputToString()
528


529
		session = podmanTest.Podman([]string{"run", "--network", "slirp4netns:enable_ipv6=true", ALPINE, "cat", ipv6ConfDefaultAcceptDadSysctl})
530
		session.WaitWithDefaultTimeout()
531
		Expect(session).Should(ExitCleanly())
532
		Expect(session.OutputToString()).To(Equal(sysctlValue))
533
	})
534


535
	It("podman run network expose host port 18082 to container port 8000 using slirp4netns port handler", func() {
536
		session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=slirp4netns", "-dt", "-p", "18082:8000", ALPINE, "/bin/sh"})
537
		session.Wait(30)
538
		Expect(session).Should(ExitCleanly())
539
		ncBusy := SystemExec("nc", []string{"-l", "-p", "18082"})
540
		Expect(ncBusy).To(ExitWithError())
541
	})
542


543
	It("podman run network expose host port 8080 to container port 8000 using invalid port handler", func() {
544
		session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=invalid", "-dt", "-p", "8080:8000", ALPINE, "/bin/sh"})
545
		session.Wait(30)
546
		Expect(session).To(ExitWithError())
547
	})
548


549
	It("podman run slirp4netns network with host loopback", func() {
550
		session := podmanTest.Podman([]string{"run", "--cap-add", "net_raw", "--network", "slirp4netns:allow_host_loopback=true", ALPINE, "ping", "-c1", "10.0.2.2"})
551
		session.Wait(30)
552
		Expect(session).Should(ExitCleanly())
553
	})
554


555
	It("podman run slirp4netns network with mtu", func() {
556
		session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:mtu=9000", ALPINE, "ip", "addr"})
557
		session.Wait(30)
558
		Expect(session).Should(ExitCleanly())
559
		Expect(session.OutputToString()).To(ContainSubstring("mtu 9000"))
560
	})
561


562
	It("podman run slirp4netns network with different cidr", func() {
563
		slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
564
		Expect(slirp4netnsHelp).Should(ExitCleanly())
565


566
		networkConfiguration := "slirp4netns:cidr=192.168.0.0/24,allow_host_loopback=true"
567
		session := podmanTest.Podman([]string{"run", "--cap-add", "net_raw", "--network", networkConfiguration, ALPINE, "ping", "-c1", "192.168.0.2"})
568
		session.Wait(30)
569


570
		if strings.Contains(slirp4netnsHelp.OutputToString(), "cidr") {
571
			Expect(session).Should(ExitCleanly())
572
		} else {
573
			Expect(session).To(ExitWithError())
574
			Expect(session.ErrorToString()).To(ContainSubstring("cidr not supported"))
575
		}
576
	})
577


578
	It("podman run network bind to 127.0.0.1", func() {
579
		slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
580
		Expect(slirp4netnsHelp).Should(ExitCleanly())
581
		networkConfiguration := "slirp4netns:outbound_addr=127.0.0.1,allow_host_loopback=true"
582
		port := strconv.Itoa(GetPort())
583


584
		if strings.Contains(slirp4netnsHelp.OutputToString(), "outbound-addr") {
585
			ncListener := StartSystemExec("nc", []string{"-v", "-n", "-l", "-p", port})
586
			session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, "-dt", ALPINE, "nc", "-w", "2", "10.0.2.2", port})
587
			session.WaitWithDefaultTimeout()
588
			ncListener.WaitWithDefaultTimeout()
589


590
			Expect(session).Should(ExitCleanly())
591
			Expect(ncListener).Should(Exit(0))
592
			Expect(ncListener.ErrorToString()).To(ContainSubstring("Connection from 127.0.0.1"))
593
		} else {
594
			session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, "-dt", ALPINE, "nc", "-w", "2", "10.0.2.2", port})
595
			session.WaitWithDefaultTimeout()
596
			Expect(session).To(ExitWithError())
597
			Expect(session.ErrorToString()).To(ContainSubstring("outbound_addr not supported"))
598
		}
599
	})
600


601
	It("podman run network bind to HostIP", func() {
602
		// Determine our likeliest outgoing IP address
603
		conn, err := net.Dial("udp", "8.8.8.8:80")
604
		Expect(err).ToNot(HaveOccurred())
605


606
		defer conn.Close()
607
		ip := conn.LocalAddr().(*net.UDPAddr).IP
608
		port := strconv.Itoa(GetPort())
609


610
		slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
611
		Expect(slirp4netnsHelp).Should(ExitCleanly())
612
		networkConfiguration := fmt.Sprintf("slirp4netns:outbound_addr=%s,allow_host_loopback=true", ip.String())
613


614
		if strings.Contains(slirp4netnsHelp.OutputToString(), "outbound-addr") {
615
			ncListener := StartSystemExec("nc", []string{"-v", "-n", "-l", "-p", port})
616
			session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, ALPINE, "nc", "-w", "2", "10.0.2.2", port})
617
			session.Wait(30)
618
			ncListener.Wait(30)
619


620
			Expect(session).Should(ExitCleanly())
621
			Expect(ncListener).Should(Exit(0))
622
			Expect(ncListener.ErrorToString()).To(ContainSubstring("Connection from " + ip.String()))
623
		} else {
624
			session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, ALPINE, "nc", "-w", "2", "10.0.2.2", port})
625
			session.Wait(30)
626
			Expect(session).To(ExitWithError())
627
			Expect(session.ErrorToString()).To(ContainSubstring("outbound_addr not supported"))
628
		}
629
	})
630


631
	It("podman run network expose ports in image metadata", func() {
632
		session := podmanTest.Podman([]string{"create", "--name", "test", "-t", "-P", NGINX_IMAGE})
633
		session.WaitWithDefaultTimeout()
634
		Expect(session).Should(ExitCleanly())
635
		results := podmanTest.Podman([]string{"inspect", "test"})
636
		results.WaitWithDefaultTimeout()
637
		Expect(results).Should(ExitCleanly())
638
		Expect(results.OutputToString()).To(ContainSubstring(`"80/tcp":`))
639
	})
640


641
	It("podman run network expose duplicate host port results in error", func() {
642
		port := "8190" // Make sure this isn't used anywhere else
643


644
		session := podmanTest.Podman([]string{"run", "--name", "test", "-dt", "-p", port, ALPINE, "/bin/sh"})
645
		session.WaitWithDefaultTimeout()
646
		Expect(session).Should(ExitCleanly())
647


648
		inspect := podmanTest.Podman([]string{"inspect", "test"})
649
		inspect.WaitWithDefaultTimeout()
650
		Expect(inspect).Should(ExitCleanly())
651


652
		containerConfig := inspect.InspectContainerToJSON()
653
		Expect(containerConfig[0].NetworkSettings.Ports).To(Not(BeNil()))
654
		Expect(containerConfig[0].NetworkSettings.Ports).To(HaveKeyWithValue(port+"/tcp", Not(BeNil())))
655
		Expect(containerConfig[0].NetworkSettings.Ports[port+"/tcp"][0].HostPort).ToNot(Equal(port))
656
	})
657


658
	It("podman run forward sctp protocol", func() {
659
		SkipIfRootless("sctp protocol only works as root")
660
		session := podmanTest.Podman([]string{"--log-level=info", "run", "--name=test", "-p", "80/sctp", "-p", "81/sctp", ALPINE})
661
		session.WaitWithDefaultTimeout()
662
		Expect(session).Should(Exit(0))
663
		// we can only check logrus on local podman
664
		if !IsRemote() {
665
			// check that the info message for sctp protocol is only displayed once
666
			Expect(strings.Count(session.ErrorToString(), "Port reservation for SCTP is not supported")).To(Equal(1), "`Port reservation for SCTP is not supported` is not displayed exactly one time in the logrus logs")
667
		}
668
		results := podmanTest.Podman([]string{"inspect", "test"})
669
		results.WaitWithDefaultTimeout()
670
		Expect(results).Should(ExitCleanly())
671
		Expect(results.OutputToString()).To(ContainSubstring(`"80/sctp":`))
672
		Expect(results.OutputToString()).To(ContainSubstring(`"81/sctp":`))
673
	})
674


675
	It("podman run hostname test", func() {
676
		session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "printenv", "HOSTNAME"})
677
		session.WaitWithDefaultTimeout()
678
		Expect(session).Should(ExitCleanly())
679
		Expect(session.OutputToString()).To(Not(ContainSubstring(hostname)))
680
	})
681


682
	It("podman run --net host hostname test", func() {
683
		session := podmanTest.Podman([]string{"run", "--rm", "--net", "host", ALPINE, "printenv", "HOSTNAME"})
684
		session.WaitWithDefaultTimeout()
685
		Expect(session).Should(ExitCleanly())
686
		Expect(session.OutputToString()).To(ContainSubstring(hostname))
687
	})
688
	It("podman run --net host --uts host hostname test", func() {
689
		session := podmanTest.Podman([]string{"run", "--rm", "--net", "host", "--uts", "host", ALPINE, "printenv", "HOSTNAME"})
690
		session.WaitWithDefaultTimeout()
691
		Expect(session).Should(ExitCleanly())
692
		Expect(session.OutputToString()).To(ContainSubstring(hostname))
693
	})
694
	It("podman run --uts host hostname test", func() {
695
		session := podmanTest.Podman([]string{"run", "--rm", "--uts", "host", ALPINE, "printenv", "HOSTNAME"})
696
		session.WaitWithDefaultTimeout()
697
		Expect(session).Should(ExitCleanly())
698
		Expect(session.OutputToString()).To(ContainSubstring(hostname))
699
	})
700


701
	It("podman run --net host --hostname ... hostname test", func() {
702
		session := podmanTest.Podman([]string{"run", "--rm", "--net", "host", "--hostname", "foobar", ALPINE, "printenv", "HOSTNAME"})
703
		session.WaitWithDefaultTimeout()
704
		Expect(session).Should(ExitCleanly())
705
		Expect(session.OutputToString()).To(ContainSubstring("foobar"))
706
	})
707


708
	It("podman run --hostname ... hostname test", func() {
709
		session := podmanTest.Podman([]string{"run", "--rm", "--hostname", "foobar", ALPINE, "printenv", "HOSTNAME"})
710
		session.WaitWithDefaultTimeout()
711
		Expect(session).Should(ExitCleanly())
712
		Expect(session.OutputToString()).To(ContainSubstring("foobar"))
713
	})
714


715
	It("podman run --net container: and --uts container:", func() {
716
		ctrName := "ctrToJoin"
717
		ctr1 := podmanTest.RunTopContainer(ctrName)
718
		ctr1.WaitWithDefaultTimeout()
719
		Expect(ctr1).Should(ExitCleanly())
720


721
		ctr2 := podmanTest.Podman([]string{"run", "-d", "--net=container:" + ctrName, "--uts=container:" + ctrName, ALPINE, "true"})
722
		ctr2.WaitWithDefaultTimeout()
723
		Expect(ctr2).Should(ExitCleanly())
724
	})
725


726
	It("podman run --net container: and --add-host should fail", func() {
727
		ctrName := "ctrToJoin"
728
		ctr1 := podmanTest.RunTopContainer(ctrName)
729
		ctr1.WaitWithDefaultTimeout()
730
		Expect(ctr1).Should(ExitCleanly())
731


732
		ctr2 := podmanTest.Podman([]string{"run", "-d", "--net=container:" + ctrName, "--add-host", "host1:127.0.0.1", ALPINE, "true"})
733
		ctr2.WaitWithDefaultTimeout()
734
		Expect(ctr2).Should(ExitWithError())
735
		Expect(ctr2.ErrorToString()).Should(ContainSubstring("cannot set extra host entries when the container is joined to another containers network namespace: invalid configuration"))
736
	})
737


738
	It("podman run --net container: copies hosts and resolv", func() {
739
		ctrName := "ctr1"
740
		ctr1 := podmanTest.RunTopContainer(ctrName)
741
		ctr1.WaitWithDefaultTimeout()
742
		Expect(ctr1).Should(ExitCleanly())
743


744
		// Exec in and modify /etc/resolv.conf and /etc/hosts
745
		exec1 := podmanTest.Podman([]string{"exec", ctrName, "sh", "-c", "echo nameserver 192.0.2.1 > /etc/resolv.conf"})
746
		exec1.WaitWithDefaultTimeout()
747
		Expect(exec1).Should(ExitCleanly())
748


749
		exec2 := podmanTest.Podman([]string{"exec", ctrName, "sh", "-c", "echo 192.0.2.2 test1 > /etc/hosts"})
750
		exec2.WaitWithDefaultTimeout()
751
		Expect(exec2).Should(ExitCleanly())
752


753
		ctrName2 := "ctr2"
754
		ctr2 := podmanTest.Podman([]string{"run", "-d", "--net=container:" + ctrName, "--name", ctrName2, ALPINE, "top"})
755
		ctr2.WaitWithDefaultTimeout()
756
		Expect(ctr2).Should(ExitCleanly())
757


758
		exec3 := podmanTest.Podman([]string{"exec", ctrName2, "cat", "/etc/resolv.conf"})
759
		exec3.WaitWithDefaultTimeout()
760
		Expect(exec3).Should(ExitCleanly())
761
		Expect(exec3.OutputToString()).To(ContainSubstring("nameserver 192.0.2.1"))
762


763
		exec4 := podmanTest.Podman([]string{"exec", ctrName2, "cat", "/etc/hosts"})
764
		exec4.WaitWithDefaultTimeout()
765
		Expect(exec4).Should(ExitCleanly())
766
		Expect(exec4.OutputToString()).To(ContainSubstring("192.0.2.2 test1"))
767
	})
768


769
	It("podman run /etc/hosts contains --hostname", func() {
770
		session := podmanTest.Podman([]string{"run", "--rm", "--hostname", "foohostname", ALPINE, "grep", "foohostname", "/etc/hosts"})
771
		session.WaitWithDefaultTimeout()
772
		Expect(session).Should(ExitCleanly())
773
	})
774


775
	It("podman run --uidmap /etc/hosts contains --hostname", func() {
776
		SkipIfRootless("uidmap population of cninetworks not supported for rootless users")
777
		session := podmanTest.Podman([]string{"run", "--uidmap", "0:100000:1000", "--rm", "--hostname", "foohostname", ALPINE, "grep", "foohostname", "/etc/hosts"})
778
		session.WaitWithDefaultTimeout()
779
		Expect(session).Should(ExitCleanly())
780


781
		session = podmanTest.Podman([]string{"run", "--uidmap", "0:100000:1000", "--rm", "--hostname", "foohostname", "-v", "/etc/hosts:/etc/hosts", ALPINE, "grep", "foohostname", "/etc/hosts"})
782
		session.WaitWithDefaultTimeout()
783
		Expect(session).Should(Exit(1))
784
	})
785


786
	It("podman run network in user created network namespace", func() {
787
		SkipIfRootless("ip netns is not supported for rootless users")
788
		if Containerized() {
789
			Skip("Cannot be run within a container.")
790
		}
791
		addXXX := SystemExec("ip", []string{"netns", "add", "xxx"})
792
		Expect(addXXX).Should(ExitCleanly())
793
		defer func() {
794
			delXXX := SystemExec("ip", []string{"netns", "delete", "xxx"})
795
			Expect(delXXX).Should(ExitCleanly())
796
		}()
797


798
		session := podmanTest.Podman([]string{"run", "-dt", "--net", "ns:/run/netns/xxx", ALPINE, "wget", "www.redhat.com"})
799
		session.Wait(90)
800
		Expect(session).Should(ExitCleanly())
801
	})
802


803
	It("podman run n user created network namespace with resolv.conf", func() {
804
		SkipIfRootless("ip netns is not supported for rootless users")
805
		if Containerized() {
806
			Skip("Cannot be run within a container.")
807
		}
808
		addXXX2 := SystemExec("ip", []string{"netns", "add", "xxx2"})
809
		Expect(addXXX2).Should(ExitCleanly())
810
		defer func() {
811
			delXXX2 := SystemExec("ip", []string{"netns", "delete", "xxx2"})
812
			Expect(delXXX2).Should(ExitCleanly())
813
		}()
814


815
		mdXXX2 := SystemExec("mkdir", []string{"-p", "/etc/netns/xxx2"})
816
		Expect(mdXXX2).Should(ExitCleanly())
817
		defer os.RemoveAll("/etc/netns/xxx2")
818


819
		nsXXX2 := SystemExec("bash", []string{"-c", "echo nameserver 11.11.11.11 > /etc/netns/xxx2/resolv.conf"})
820
		Expect(nsXXX2).Should(ExitCleanly())
821


822
		session := podmanTest.Podman([]string{"run", "--net", "ns:/run/netns/xxx2", ALPINE, "cat", "/etc/resolv.conf"})
823
		session.Wait(90)
824
		Expect(session).Should(ExitCleanly())
825
		Expect(session.OutputToString()).To(ContainSubstring("11.11.11.11"))
826
	})
827


828
	addAddr := func(cidr string, containerInterface netlink.Link) error {
829
		_, ipnet, err := net.ParseCIDR(cidr)
830
		Expect(err).ToNot(HaveOccurred())
831
		addr := &netlink.Addr{IPNet: ipnet, Label: ""}
832
		if err := netlink.AddrAdd(containerInterface, addr); err != nil && err != syscall.EEXIST {
833
			return err
834
		}
835
		return nil
836
	}
837


838
	loopbackup := func() {
839
		lo, err := netlink.LinkByName("lo")
840
		Expect(err).ToNot(HaveOccurred())
841
		err = netlink.LinkSetUp(lo)
842
		Expect(err).ToNot(HaveOccurred())
843
	}
844


845
	linkup := func(name string, mac string, addresses []string) {
846
		linkAttr := netlink.NewLinkAttrs()
847
		linkAttr.Name = name
848
		m, err := net.ParseMAC(mac)
849
		Expect(err).ToNot(HaveOccurred())
850
		linkAttr.HardwareAddr = m
851
		eth := &netlink.Dummy{LinkAttrs: linkAttr}
852
		err = netlink.LinkAdd(eth)
853
		Expect(err).ToNot(HaveOccurred())
854
		err = netlink.LinkSetUp(eth)
855
		Expect(err).ToNot(HaveOccurred())
856
		for _, address := range addresses {
857
			err := addAddr(address, eth)
858
			Expect(err).ToNot(HaveOccurred())
859
		}
860
	}
861


862
	routeAdd := func(gateway string) {
863
		gw := net.ParseIP(gateway)
864
		route := &netlink.Route{Dst: nil, Gw: gw}
865
		err = netlink.RouteAdd(route)
866
		Expect(err).ToNot(HaveOccurred())
867
	}
868


869
	setupNetworkNs := func(networkNSName string) {
870
		_ = ns.WithNetNSPath("/run/netns/"+networkNSName, func(_ ns.NetNS) error {
871
			loopbackup()
872
			linkup("eth0", "46:7f:45:6e:4f:c8", []string{"10.25.40.0/24", "fd04:3e42:4a4e:3381::/64"})
873
			linkup("eth1", "56:6e:35:5d:3e:a8", []string{"10.88.0.0/16"})
874


875
			routeAdd("10.25.40.0")
876
			return nil
877
		})
878
	}
879


880
	checkNetworkNsInspect := func(name string) {
881
		inspectOut := podmanTest.InspectContainer(name)
882
		Expect(inspectOut[0].NetworkSettings).To(HaveField("IPAddress", "10.25.40.0"))
883
		Expect(inspectOut[0].NetworkSettings).To(HaveField("IPPrefixLen", 24))
884
		Expect(inspectOut[0].NetworkSettings.SecondaryIPAddresses).To(HaveLen(1))
885
		Expect(inspectOut[0].NetworkSettings.SecondaryIPAddresses[0]).To(HaveField("Addr", "10.88.0.0"))
886
		Expect(inspectOut[0].NetworkSettings.SecondaryIPAddresses[0]).To(HaveField("PrefixLength", 16))
887
		Expect(inspectOut[0].NetworkSettings).To(HaveField("GlobalIPv6Address", "fd04:3e42:4a4e:3381::"))
888
		Expect(inspectOut[0].NetworkSettings).To(HaveField("GlobalIPv6PrefixLen", 64))
889
		Expect(inspectOut[0].NetworkSettings.SecondaryIPv6Addresses).To(BeEmpty())
890
		Expect(inspectOut[0].NetworkSettings).To(HaveField("MacAddress", "46:7f:45:6e:4f:c8"))
891
		Expect(inspectOut[0].NetworkSettings.AdditionalMacAddresses).To(HaveLen(1))
892
		Expect(inspectOut[0].NetworkSettings.AdditionalMacAddresses[0]).To(Equal("56:6e:35:5d:3e:a8"))
893
		Expect(inspectOut[0].NetworkSettings).To(HaveField("Gateway", "10.25.40.0"))
894


895
	}
896


897
	It("podman run network inspect fails gracefully on non-reachable network ns", func() {
898
		SkipIfRootless("ip netns is not supported for rootless users")
899


900
		networkNSName := RandomString(12)
901
		addNamedNetwork := SystemExec("ip", []string{"netns", "add", networkNSName})
902
		Expect(addNamedNetwork).Should(ExitCleanly())
903


904
		setupNetworkNs(networkNSName)
905


906
		name := RandomString(12)
907
		session := podmanTest.Podman([]string{"run", "-d", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE, "top"})
908
		session.WaitWithDefaultTimeout()
909


910
		// delete the named network ns before inspect
911
		delNetworkNamespace := SystemExec("ip", []string{"netns", "delete", networkNSName})
912
		Expect(delNetworkNamespace).Should(ExitCleanly())
913


914
		inspectOut := podmanTest.InspectContainer(name)
915
		Expect(inspectOut[0].NetworkSettings).To(HaveField("IPAddress", ""))
916
		Expect(inspectOut[0].NetworkSettings.Networks).To(BeEmpty())
917
	})
918


919
	It("podman inspect can handle joined network ns with multiple interfaces", func() {
920
		SkipIfRootless("ip netns is not supported for rootless users")
921


922
		networkNSName := RandomString(12)
923
		addNamedNetwork := SystemExec("ip", []string{"netns", "add", networkNSName})
924
		Expect(addNamedNetwork).Should(ExitCleanly())
925
		defer func() {
926
			delNetworkNamespace := SystemExec("ip", []string{"netns", "delete", networkNSName})
927
			Expect(delNetworkNamespace).Should(ExitCleanly())
928
		}()
929
		setupNetworkNs(networkNSName)
930


931
		name := RandomString(12)
932
		session := podmanTest.Podman([]string{"run", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE})
933
		session.WaitWithDefaultTimeout()
934


935
		session = podmanTest.Podman([]string{"container", "rm", name})
936
		session.WaitWithDefaultTimeout()
937


938
		// no network teardown should touch joined network ns interfaces
939
		session = podmanTest.Podman([]string{"run", "-d", "--replace", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE, "top"})
940
		session.WaitWithDefaultTimeout()
941


942
		checkNetworkNsInspect(name)
943
	})
944


945
	It("podman do not tamper with joined network ns interfaces", func() {
946
		SkipIfRootless("ip netns is not supported for rootless users")
947


948
		networkNSName := RandomString(12)
949
		addNamedNetwork := SystemExec("ip", []string{"netns", "add", networkNSName})
950
		Expect(addNamedNetwork).Should(ExitCleanly())
951
		defer func() {
952
			delNetworkNamespace := SystemExec("ip", []string{"netns", "delete", networkNSName})
953
			Expect(delNetworkNamespace).Should(ExitCleanly())
954
		}()
955


956
		setupNetworkNs(networkNSName)
957


958
		name := RandomString(12)
959
		session := podmanTest.Podman([]string{"run", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE})
960
		session.WaitWithDefaultTimeout()
961


962
		checkNetworkNsInspect(name)
963


964
		name = RandomString(12)
965
		session = podmanTest.Podman([]string{"run", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE})
966
		session.WaitWithDefaultTimeout()
967


968
		checkNetworkNsInspect(name)
969


970
		// delete container, the network inspect should not change
971
		session = podmanTest.Podman([]string{"container", "rm", name})
972
		session.WaitWithDefaultTimeout()
973


974
		session = podmanTest.Podman([]string{"run", "-d", "--replace", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE, "top"})
975
		session.WaitWithDefaultTimeout()
976


977
		checkNetworkNsInspect(name)
978
	})
979


980
	It("podman run network in bogus user created network namespace", func() {
981
		session := podmanTest.Podman([]string{"run", "-dt", "--net", "ns:/run/netns/xxy", ALPINE, "wget", "www.redhat.com"})
982
		session.Wait(90)
983
		Expect(session).To(ExitWithError())
984
		Expect(session.ErrorToString()).To(ContainSubstring("faccessat /run/netns/xxy: no such file or directory"))
985
	})
986


987
	It("podman run in custom CNI network with --static-ip", func() {
988
		netName := stringid.GenerateRandomID()
989
		ipAddr := "10.25.30.128"
990
		create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName})
991
		create.WaitWithDefaultTimeout()
992
		Expect(create).Should(ExitCleanly())
993
		defer podmanTest.removeNetwork(netName)
994


995
		run := podmanTest.Podman([]string{"run", "--rm", "--net", netName, "--ip", ipAddr, ALPINE, "ip", "addr"})
996
		run.WaitWithDefaultTimeout()
997
		Expect(run).Should(ExitCleanly())
998
		Expect(run.OutputToString()).To(ContainSubstring(ipAddr))
999
	})
1000


1001
	It("podman network works across user ns", func() {
1002
		netName := createNetworkName("")
1003
		create := podmanTest.Podman([]string{"network", "create", netName})
1004
		create.WaitWithDefaultTimeout()
1005
		Expect(create).Should(ExitCleanly())
1006
		defer podmanTest.removeNetwork(netName)
1007


1008
		name := "nc-server"
1009
		run := podmanTest.Podman([]string{"run", "--log-driver", "k8s-file", "-d", "--name", name, "--net", netName, ALPINE, "nc", "-l", "-p", "9480"})
1010
		run.WaitWithDefaultTimeout()
1011
		Expect(run).Should(ExitCleanly())
1012


1013
		// NOTE: we force the k8s-file log driver to make sure the
1014
		// tests are passing inside a container.
1015
		// "sleep" needed to give aardvark-dns time to come up; #16272
1016
		run = podmanTest.Podman([]string{"run", "--log-driver", "k8s-file", "--rm", "--net", netName, "--uidmap", "0:1:4096", ALPINE, "sh", "-c", fmt.Sprintf("sleep 2;echo podman | nc -w 1 %s.dns.podman 9480", name)})
1017
		run.WaitWithDefaultTimeout()
1018
		Expect(run).Should(ExitCleanly())
1019


1020
		log := podmanTest.Podman([]string{"logs", name})
1021
		log.WaitWithDefaultTimeout()
1022
		Expect(log).Should(ExitCleanly())
1023
		Expect(log.OutputToString()).To(Equal("podman"))
1024
	})
1025


1026
	It("podman run with new:pod and static-ip", func() {
1027
		netName := stringid.GenerateRandomID()
1028
		ipAddr := "10.25.40.128"
1029
		podname := "testpod"
1030
		create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.40.0/24", netName})
1031
		create.WaitWithDefaultTimeout()
1032
		Expect(create).Should(ExitCleanly())
1033
		defer podmanTest.removeNetwork(netName)
1034


1035
		run := podmanTest.Podman([]string{"run", "--rm", "--pod", "new:" + podname, "--net", netName, "--ip", ipAddr, ALPINE, "ip", "addr"})
1036
		run.WaitWithDefaultTimeout()
1037
		Expect(run).Should(ExitCleanly())
1038
		Expect(run.OutputToString()).To(ContainSubstring(ipAddr))
1039


1040
		podrm := podmanTest.Podman([]string{"pod", "rm", "-t", "0", "-f", podname})
1041
		podrm.WaitWithDefaultTimeout()
1042
		Expect(podrm).Should(ExitCleanly())
1043
	})
1044


1045
	It("podman run with --net=host and --hostname sets correct hostname", func() {
1046
		hostname := "testctr"
1047
		run := podmanTest.Podman([]string{"run", "--net=host", "--hostname", hostname, ALPINE, "hostname"})
1048
		run.WaitWithDefaultTimeout()
1049
		Expect(run).Should(ExitCleanly())
1050
		Expect(run.OutputToString()).To(ContainSubstring(hostname))
1051
	})
1052


1053
	It("podman run with --net=none sets hostname", func() {
1054
		hostname := "testctr"
1055
		run := podmanTest.Podman([]string{"run", "--net=none", "--hostname", hostname, ALPINE, "hostname"})
1056
		run.WaitWithDefaultTimeout()
1057
		Expect(run).Should(ExitCleanly())
1058
		Expect(run.OutputToString()).To(ContainSubstring(hostname))
1059
	})
1060


1061
	It("podman run with --net=none adds hostname to /etc/hosts", func() {
1062
		hostname := "testctr"
1063
		run := podmanTest.Podman([]string{"run", "--net=none", "--hostname", hostname, ALPINE, "cat", "/etc/hosts"})
1064
		run.WaitWithDefaultTimeout()
1065
		Expect(run).Should(ExitCleanly())
1066
		Expect(run.OutputToString()).To(ContainSubstring(hostname))
1067
	})
1068


1069
	It("podman run with pod does not add extra 127 entry to /etc/hosts", func() {
1070
		pod := "testpod"
1071
		hostname := "test-hostname"
1072
		run := podmanTest.Podman([]string{"pod", "create", "--hostname", hostname, "--name", pod})
1073
		run.WaitWithDefaultTimeout()
1074
		Expect(run).Should(ExitCleanly())
1075
		run = podmanTest.Podman([]string{"run", "--pod", pod, ALPINE, "cat", "/etc/hosts"})
1076
		run.WaitWithDefaultTimeout()
1077
		Expect(run).Should(ExitCleanly())
1078
		Expect(run.OutputToString()).ToNot(ContainSubstring("127.0.0.1 %s", hostname))
1079
	})
1080


1081
	pingTest := func(netns string) {
1082
		hostname := "testctr"
1083
		run := podmanTest.Podman([]string{"run", netns, "--cap-add", "net_raw", "--hostname", hostname, ALPINE, "ping", "-c", "1", hostname})
1084
		run.WaitWithDefaultTimeout()
1085
		Expect(run).Should(ExitCleanly())
1086


1087
		run = podmanTest.Podman([]string{"run", netns, "--cap-add", "net_raw", "--hostname", hostname, "--name", "test", ALPINE, "ping", "-c", "1", "test"})
1088
		run.WaitWithDefaultTimeout()
1089
		Expect(run).Should(ExitCleanly())
1090
	}
1091


1092
	It("podman attempt to ping container name and hostname --net=none", func() {
1093
		pingTest("--net=none")
1094
	})
1095


1096
	It("podman attempt to ping container name and hostname --net=private", func() {
1097
		pingTest("--net=private")
1098
	})
1099


1100
	It("podman run check dns", func() {
1101
		SkipIfCNI(podmanTest)
1102
		pod := "testpod"
1103
		session := podmanTest.Podman([]string{"pod", "create", "--name", pod})
1104
		session.WaitWithDefaultTimeout()
1105
		Expect(session).Should(ExitCleanly())
1106


1107
		net := createNetworkName("IntTest")
1108
		session = podmanTest.Podman([]string{"network", "create", net})
1109
		session.WaitWithDefaultTimeout()
1110
		defer podmanTest.removeNetwork(net)
1111
		Expect(session).Should(ExitCleanly())
1112


1113
		pod2 := "testpod2"
1114
		hostname := "hostn1"
1115
		session = podmanTest.Podman([]string{"pod", "create", "--network", net, "--name", pod2, "--hostname", hostname})
1116
		session.WaitWithDefaultTimeout()
1117
		Expect(session).Should(ExitCleanly())
1118


1119
		session = podmanTest.Podman([]string{"run", "--name", "con1", "--network", net, CITEST_IMAGE, "nslookup", "con1"})
1120
		session.WaitWithDefaultTimeout()
1121
		Expect(session).Should(ExitCleanly())
1122


1123
		session = podmanTest.Podman([]string{"run", "--name", "con2", "--pod", pod, "--network", net, CITEST_IMAGE, "nslookup", "con2"})
1124
		session.WaitWithDefaultTimeout()
1125
		Expect(session).Should(ExitCleanly())
1126


1127
		session = podmanTest.Podman([]string{"run", "--name", "con3", "--pod", pod2, CITEST_IMAGE, "nslookup", "con1"})
1128
		session.WaitWithDefaultTimeout()
1129
		Expect(session).Should(Exit(1))
1130
		Expect(session.OutputToString()).To(ContainSubstring("server can't find con1.dns.podman: NXDOMAIN"))
1131


1132
		session = podmanTest.Podman([]string{"run", "--name", "con4", "--network", net, CITEST_IMAGE, "nslookup", pod2 + ".dns.podman"})
1133
		session.WaitWithDefaultTimeout()
1134
		Expect(session).Should(ExitCleanly())
1135


1136
		session = podmanTest.Podman([]string{"run", "--network", net, CITEST_IMAGE, "nslookup", hostname})
1137
		session.WaitWithDefaultTimeout()
1138
		Expect(session).Should(ExitCleanly())
1139
	})
1140


1141
	It("podman network adds dns search domain with dns", func() {
1142
		net := createNetworkName("dnsname")
1143
		session := podmanTest.Podman([]string{"network", "create", net})
1144
		session.WaitWithDefaultTimeout()
1145
		defer podmanTest.removeNetwork(net)
1146
		Expect(session).Should(ExitCleanly())
1147


1148
		session = podmanTest.Podman([]string{"run", "--network", net, ALPINE, "cat", "/etc/resolv.conf"})
1149
		session.WaitWithDefaultTimeout()
1150
		Expect(session).Should(ExitCleanly())
1151
		Expect(session.OutputToString()).To(ContainSubstring("search dns.podman"))
1152
	})
1153


1154
	It("Rootless podman run with --net=bridge works and connects to default network", func() {
1155
		// This is harmless when run as root, so we'll just let it run.
1156
		ctrName := "testctr"
1157
		ctr := podmanTest.Podman([]string{"run", "-d", "--net=bridge", "--name", ctrName, ALPINE, "top"})
1158
		ctr.WaitWithDefaultTimeout()
1159
		Expect(ctr).Should(ExitCleanly())
1160


1161
		inspectOut := podmanTest.InspectContainer(ctrName)
1162
		Expect(inspectOut).To(HaveLen(1))
1163
		Expect(inspectOut[0].NetworkSettings.Networks).To(HaveLen(1))
1164
		Expect(inspectOut[0].NetworkSettings.Networks).To(HaveKey("podman"))
1165
	})
1166


1167
	// see https://github.com/containers/podman/issues/12972
1168
	It("podman run check network-alias works on networks without dns", func() {
1169
		net := "dns" + stringid.GenerateRandomID()
1170
		session := podmanTest.Podman([]string{"network", "create", "--disable-dns", net})
1171
		session.WaitWithDefaultTimeout()
1172
		defer podmanTest.removeNetwork(net)
1173
		Expect(session).Should(ExitCleanly())
1174


1175
		session = podmanTest.Podman([]string{"run", "--network", net, "--network-alias", "abcdef", ALPINE, "true"})
1176
		session.WaitWithDefaultTimeout()
1177
		Expect(session).Should(ExitCleanly())
1178
	})
1179


1180
	It("podman run with ipam none driver", func() {
1181
		net := "ipam" + stringid.GenerateRandomID()
1182
		session := podmanTest.Podman([]string{"network", "create", "--ipam-driver=none", net})
1183
		session.WaitWithDefaultTimeout()
1184
		defer podmanTest.removeNetwork(net)
1185
		Expect(session).Should(ExitCleanly())
1186


1187
		session = podmanTest.Podman([]string{"run", "--network", net, ALPINE, "ip", "addr", "show", "eth0"})
1188
		session.WaitWithDefaultTimeout()
1189
		Expect(session).Should(ExitCleanly())
1190
		Expect(session.OutputToStringArray()).To(HaveLen(4), "output should only show link local address")
1191
	})
1192


1193
	It("podman run with macvlan network", func() {
1194
		net := "mv-" + stringid.GenerateRandomID()
1195
		session := podmanTest.Podman([]string{"network", "create", "-d", "macvlan", "--subnet", "10.10.0.0/24", net})
1196
		session.WaitWithDefaultTimeout()
1197
		defer podmanTest.removeNetwork(net)
1198
		Expect(session).Should(ExitCleanly())
1199


1200
		// use options and search to make sure we get the same resolv.conf everywhere
1201
		run := podmanTest.Podman([]string{"run", "--network", net, "--dns", "127.0.0.128",
1202
			"--dns-option", "ndots:1", "--dns-search", ".", ALPINE, "cat", "/etc/resolv.conf"})
1203
		run.WaitWithDefaultTimeout()
1204
		Expect(run).Should(ExitCleanly())
1205
		Expect(string(run.Out.Contents())).To(Equal(`nameserver 127.0.0.128
1206
options ndots:1
1207
`))
1208
	})
1209
})
1210

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.