add network dns_bind_port setting and set NETAVARK_DNS_PORT from it

This commit allows using aardvark with an alternate port as per implementation in containers/netavark#323 Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
2022-07-07 09:11:25 +09:00 · 2022-07-07 09:11:25 +09:00 · 2e8943d3f7
parent 837a035e34
commit 2e8943d3f7
9 changed files with 46 additions and 0 deletions
--- a/common/docs/containers.conf.5.md
+++ b/common/docs/containers.conf.5.md
@ -359,6 +359,13 @@ and "$HOME/.config/cni/net.d" as rootless.
 For the netavark backend "/etc/containers/networks" is used as root
 and "$graphroot/networks" as rootless.

+**dns_bind_port**=53
+
+Port to use for dns forwarding daemon with netavark in rootful bridge
+mode and dns enabled.
+Using an alternate port might be useful if other dns services should
+run on the machine.
+
 ## ENGINE TABLE
 The `engine` table contains configuration options used to set up container engines such as Podman and Buildah.

--- a/common/libnetwork/netavark/exec.go
+++ b/common/libnetwork/netavark/exec.go
@ -119,6 +119,9 @@ func (n *netavarkNetwork) execNetavark(args []string, stdin, result interface{})
 	if logrus.IsLevelEnabled(logrus.DebugLevel) {
 		cmd.Env = append(cmd.Env, "RUST_BACKTRACE=1")
 	}
+	if n.dnsBindPort != 0 {
+		cmd.Env = append(cmd.Env, "NETAVARK_DNS_PORT="+strconv.Itoa(int(n.dnsBindPort)))
+	}

 	err = cmd.Start()
 	if err != nil {
--- a/common/libnetwork/netavark/network.go
+++ b/common/libnetwork/netavark/network.go
@ -43,6 +43,9 @@ type netavarkNetwork struct {
 	// defaultsubnetPools contains the subnets which must be used to allocate a free subnet by network create
 	defaultsubnetPools []config.SubnetPool

+	// dnsBindPort is set the the port to pass to netavark for aardvark
+	dnsBindPort uint16
+
 	// ipamDBPath is the path to the ip allocation bolt db
 	ipamDBPath string

@ -80,6 +83,9 @@ type InitConfig struct {
 	// DefaultsubnetPools contains the subnets which must be used to allocate a free subnet by network create
 	DefaultsubnetPools []config.SubnetPool

+	// DNSBindPort is set the the port to pass to netavark for aardvark
+	DNSBindPort uint16
+
 	// Syslog describes whenever the netavark debbug output should be log to the syslog as well.
 	// This will use logrus to do so, make sure logrus is set up to log to the syslog.
 	Syslog bool
@ -131,6 +137,7 @@ func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 		defaultNetwork:     defaultNetworkName,
 		defaultSubnet:      defaultNet,
 		defaultsubnetPools: defaultSubnetPools,
+		dnsBindPort:        conf.DNSBindPort,
 		lock:               lock,
 		syslog:             conf.Syslog,
 	}
--- a/common/libnetwork/network/interface.go
+++ b/common/libnetwork/network/interface.go
@ -84,6 +84,7 @@ func NetworkBackend(store storage.Store, conf *config.Config, syslog bool) (type
 			DefaultNetwork:     conf.Network.DefaultNetwork,
 			DefaultSubnet:      conf.Network.DefaultSubnet,
 			DefaultsubnetPools: conf.Network.DefaultSubnetPools,
+			DNSBindPort:        conf.Network.DNSBindPort,
 			Syslog:             syslog,
 		})
 		return types.Netavark, netInt, err
--- a/common/pkg/config/config.go
+++ b/common/pkg/config/config.go
@ -532,6 +532,11 @@ type NetworkConfig struct {

 	// NetworkConfigDir is where network configuration files are stored.
 	NetworkConfigDir string `toml:"network_config_dir,omitempty"`
+
+	// DNSBindPort is the port that should be used by dns forwarding daemon
+	// for netavark rootful bridges with dns enabled. This can be necessary
+	// when other dns forwarders run on the machine. 53 is used if unset.
+	DNSBindPort uint16 `toml:"dns_bind_port,omitempty,omitzero"`
 }

 type SubnetPool struct {
--- a/common/pkg/config/config_local_test.go
+++ b/common/pkg/config/config_local_test.go
@ -134,6 +134,18 @@ var _ = Describe("Config Local", func() {
 		))
 	})

+	It("parse dns port", func() {
+		// Given
+		config, err := NewConfig("")
+		gomega.Expect(err).To(gomega.BeNil())
+		gomega.Expect(config.Network.DNSBindPort).To(gomega.Equal(uint16(0)))
+		// When
+		config2, err := NewConfig("testdata/containers_default.conf")
+		// Then
+		gomega.Expect(err).To(gomega.BeNil())
+		gomega.Expect(config2.Network.DNSBindPort).To(gomega.Equal(uint16(1153)))
+	})
+
 	It("should fail during runtime", func() {
 		validDirPath, err := ioutil.TempDir("", "config-empty")
 		if err != nil {
--- a/common/pkg/config/containers.conf
+++ b/common/pkg/config/containers.conf
@ -325,6 +325,13 @@ default_sysctls = [
 #
 #network_config_dir = "/etc/cni/net.d/"

+# Port to use for dns forwarding daemon with netavark in rootful bridge
+# mode and dns enabled.
+# Using an alternate port might be useful if other dns services should
+# run on the machine.
+#
+#dns_bind_port = 53
+
 [engine]
 # Index to the active service
 #
--- a/common/pkg/config/default.go
+++ b/common/pkg/config/default.go
@ -230,6 +230,7 @@ func DefaultConfig() (*Config, error) {
 			DefaultNetwork:     "podman",
 			DefaultSubnet:      DefaultSubnet,
 			DefaultSubnetPools: DefaultSubnetPools,
+			DNSBindPort:        0,
 			CNIPluginDirs:      DefaultCNIPluginDirs,
 		},
 		Engine:  *defaultEngineConfig,
--- a/common/pkg/config/testdata/containers_default.conf
+++ b/common/pkg/config/testdata/containers_default.conf
@ -109,6 +109,9 @@ network_config_dir = "/etc/cni/net.d/"

 default_subnet_pools = [{"base" = "10.89.0.0/16", "size" = 24}, {"base" = "10.90.0.0/15", "size" = 24}]

+# dns port for netavark/aardvark
+dns_bind_port = 1153
+
 [engine]

 # Cgroup management implementation used for the runtime.