diff --git a/containerd/containerd.go b/containerd/containerd.go index c32707a..a6fed4b 100644 --- a/containerd/containerd.go +++ b/containerd/containerd.go @@ -24,6 +24,7 @@ import ( "syscall" "time" + etchosts "github.com/Roblox/nomad-driver-containerd/etchosts" "github.com/containerd/containerd" "github.com/containerd/containerd/cio" "github.com/containerd/containerd/contrib/seccomp" @@ -185,6 +186,31 @@ func (d *Driver) createContainer(containerConfig *ContainerConfig, config *TaskC mounts = append(mounts, allocMount) } + var extraHostsMount specs.Mount + hostsFile := containerConfig.TaskDirSrc + "/etc_hosts" + if len(config.ExtraHosts) > 0 { + if config.HostNetwork { + if err := etchosts.CopyEtcHosts(hostsFile); err != nil { + return nil, err + } + } else { + if err := etchosts.BuildEtcHosts(hostsFile); err != nil { + return nil, err + } + } + if err := etchosts.AddExtraHosts(hostsFile, config.ExtraHosts); err != nil { + return nil, err + } + extraHostsMount = buildMountpoint("bind", "/etc/hosts", hostsFile, []string{"rbind", "rw"}) + mounts = append(mounts, extraHostsMount) + } else if !config.HostNetwork { + if err := etchosts.BuildEtcHosts(hostsFile); err != nil { + return nil, err + } + extraHostsMount = buildMountpoint("bind", "/etc/hosts", hostsFile, []string{"rbind", "rw"}) + mounts = append(mounts, extraHostsMount) + } + if len(mounts) > 0 { opts = append(opts, oci.WithMounts(mounts)) } diff --git a/containerd/driver.go b/containerd/driver.go index ce4b060..8230dcf 100644 --- a/containerd/driver.go +++ b/containerd/driver.go @@ -98,6 +98,7 @@ var ( hclspec.NewAttr("host_dns", "bool", false), hclspec.NewLiteral("true"), ), + "extra_hosts": hclspec.NewAttr("extra_hosts", "list(string)", false), "seccomp": hclspec.NewAttr("seccomp", "bool", false), "seccomp_profile": hclspec.NewAttr("seccomp_profile", "string", false), "readonly_rootfs": hclspec.NewAttr("readonly_rootfs", "bool", false), @@ -154,6 +155,7 @@ type TaskConfig struct { SeccompProfile string `codec:"seccomp_profile"` Privileged bool `codec:"privileged"` HostDNS bool `codec:"host_dns"` + ExtraHosts []string `codec:"extra_hosts"` ReadOnlyRootfs bool `codec:"readonly_rootfs"` HostNetwork bool `codec:"host_network"` Mounts []Mount `codec:"mounts"` diff --git a/etchosts/etchosts.go b/etchosts/etchosts.go new file mode 100644 index 0000000..d67674a --- /dev/null +++ b/etchosts/etchosts.go @@ -0,0 +1,96 @@ +package etchosts + +import ( + "bytes" + "fmt" + "io" + "io/ioutil" + "os" + "strings" + + "github.com/docker/docker/opts" +) + +// Code referenced from https://github.com/moby/libnetwork/blob/master/etchosts/etchosts.go + +// Record Structure for a single host record +type Record struct { + Hosts string + IP string +} + +// WriteTo writes record to file and returns bytes written or error +func (r Record) WriteTo(w io.Writer) (int64, error) { + n, err := fmt.Fprintf(w, "%s\t%s\n", r.IP, r.Hosts) + return int64(n), err +} + +var ( + // Default hosts config records slice + defaultContent = []Record{ + {Hosts: "localhost", IP: "127.0.0.1"}, + {Hosts: "localhost ip6-localhost ip6-loopback", IP: "::1"}, + {Hosts: "ip6-localnet", IP: "fe00::0"}, + {Hosts: "ip6-mcastprefix", IP: "ff00::0"}, + {Hosts: "ip6-allnodes", IP: "ff02::1"}, + {Hosts: "ip6-allrouters", IP: "ff02::2"}, + } +) + +// BuildEtcHosts builds CONTAINER_TASK_DIR/etc_hosts with defaults. +func BuildEtcHosts(hostsFile string) error { + content := bytes.NewBuffer(nil) + + // Write defaultContent slice to buffer + for _, r := range defaultContent { + if _, err := r.WriteTo(content); err != nil { + return err + } + } + + return ioutil.WriteFile(hostsFile, content.Bytes(), 0644) +} + +// CopyEtcHosts copies /etc/hosts to CONTAINER_TASK_DIR/etc_hosts +func CopyEtcHosts(hostsFile string) error { + srcFile, err := os.Open("/etc/hosts") + if err != nil { + return err + } + defer srcFile.Close() + + destFile, err := os.Create(hostsFile) + if err != nil { + return err + } + defer destFile.Close() + + _, err = io.Copy(destFile, srcFile) + if err != nil { + return err + } + return nil +} + +// AddExtraHosts add hosts, given as name:IP to container /etc/hosts. +func AddExtraHosts(hostsFile string, extraHosts []string) error { + fd, err := os.OpenFile(hostsFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) + if err != nil { + return err + } + defer fd.Close() + + for _, extraHost := range extraHosts { + // allow IPv6 addresses in extra hosts; only split on first ":" + if _, err := opts.ValidateExtraHost(extraHost); err != nil { + return err + } + + hostnameIP := strings.SplitN(extraHost, ":", 2) + msg := fmt.Sprintf("%s\t%s\n", hostnameIP[1], hostnameIP[0]) + if _, err := fd.WriteString(msg); err != nil { + return err + } + } + return nil +} diff --git a/go.mod b/go.mod index 18ceeb2..7c86d1a 100644 --- a/go.mod +++ b/go.mod @@ -18,6 +18,7 @@ require ( github.com/coreos/go-iptables v0.4.3 // indirect github.com/coreos/go-semver v0.3.0 // indirect github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f // indirect + github.com/docker/docker v17.12.0-ce-rc1.0.20200330121334-7f8b4b621b5d+incompatible github.com/docker/docker-credential-helpers v0.6.3 // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect github.com/docker/go-metrics v0.0.1 // indirect diff --git a/go.sum b/go.sum index 87a4f0f..c33d2dd 100644 --- a/go.sum +++ b/go.sum @@ -192,8 +192,10 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f h1:JOrtw2xFKzlg+cbHpyrpLDmnN1HqhBfnX7WDiW7eG2c= github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= +github.com/coreos/go-systemd/v22 v22.1.0 h1:kq/SbG2BCKLkDKkjQf5OWwKWUKj1lgs3lFI4PxnR5lg= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f h1:lBNOc5arjvs8E5mO2tbpBpLoyyu8B6e44T7hJy6potg= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= @@ -202,6 +204,7 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= +github.com/cyphar/filepath-securejoin v0.2.3-0.20190205144030-7efe413b52e1 h1:dCqRswe3ZAwkQWdvFLwRqmJCpGP3DWb7bFogdqY3+QU= github.com/cyphar/filepath-securejoin v0.2.3-0.20190205144030-7efe413b52e1/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= @@ -306,7 +309,9 @@ github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3a github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= +github.com/godbus/dbus v4.1.0+incompatible h1:WqqLRTsQic3apZUK9qC5sGNfXthmPXzUZ7nQPrNITa4= github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= +github.com/godbus/dbus/v5 v5.0.3 h1:ZqHaoEF7TBzh4jzPmqVhE/5A1z9of6orkAe5uHoAeME= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/googleapis v1.1.0 h1:kFkMAZBNAn4j7K0GiZr8cRYzejq68VbheufiV3YuyFI= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=