Upgrade gvisor. Use NAT to allow the VM to reach host services. #7
guillaumerose merged 5 commits into containers:master
ARP addresses are not necessary now. Routes are immutable hence the new function to call.
cfergeau left a comment
s/listenning/listening in one of the logs.
Looks good given my limited knowledge of gvisor/...
| { | ||
| Name: "host", | ||
| IP: net.ParseIP(virtualHostIP), | ||
| }, |
Why do we want to be able to use host.api.testing to reach the host though?
Sometimes when developing the user might want to reach services running on the host.
When using traditional networking, the user takes a well-known IP and it works. I guess 192.168.130.1 for crc+libvirt.
With vsock, we need to create a virtual IP. Having a DNS name for that is just more convenient.
I guess this will need documentation at some point, as people won't find it by themselves. Can you add this rationale to the commit log, and maybe explicitly mention the virtual host IP in addition to the hostname?
Edit: I see just now there was a sample in the PR description, which shows how much attention I am paying to these ^^
cmd/host/main.go
Outdated
| ":2222": "192.168.127.2:22", | ||
| }, | ||
| NAT: map[tcpip.Address]tcpip.Address{ | ||
| tcpip.Address(net.ParseIP(virtualHostIP).To4()): tcpip.Address(net.ParseIP("127.0.0.1").To4()), |
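Review bot: on the NAT line, virtualHostIP is mapped to 127.0.0.1 with no port restriction, so any host service listening only on loopback becomes reachable from the VM through that address; state this in the documentation or limit the mapping to ports the user opts into. Separately, net.ParseIP(virtualHostIP).To4() is used without a nil check, so an unparseable or non-IPv4 virtualHostIP gives a nil IP that converts to an empty tcpip.Address key; parse it once at startup and fail if the result is nil.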
Can you extract the localhost value or use a constant defined by Golang?
I used a map[string]string, it's easier to read. I couldn't find a constant for 127.0.0.1 in golang, nor gvisor. Keep it as it is. It's just demo code here.
The user can now use host.crc.testing DNS name to reach a service on the host.
Example:
    (host) $ python3 -m http.server
    Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
    (vm) $ curl host.crc.testing:8000
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

CoreOS VM tries to connect to Amazon EC2 metadata service. By directly dropping the connection, it removes error log lines like:
    ERRO[0658] net.Dial() = dial tcp 169.254.169.254:80: connect: connection timed out

registry.redhat.io requires authentication, registry.access.redhat.com does not as described on https://access.redhat.com/RegistryAuthentication.
Since both have the image that we need, we can use the public one to make builds easier.
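
The two forwarding decisions described in the commit messages above (translate the virtual host IP to loopback, drop the EC2 metadata address without dialing), sketched as an added example that is not code from this PR or from gvisor. `Forwarder`, `NewForwarder`, `Target` and `metadataAddr` are hypothetical names, and 192.168.127.254 is a constructed stand-in for `virtualHostIP`, whose value the page does not show.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Forwarder is a hypothetical policy holder, not a gvisor-tap-vsock type.
type Forwarder struct {
	nat  map[netip.Addr]netip.Addr
	drop map[netip.Addr]bool
}

// NewForwarder parses the readable string map once and rejects bad entries at startup.
func NewForwarder(nat map[string]string, drop ...netip.Addr) (*Forwarder, error) {
	f := &Forwarder{nat: map[netip.Addr]netip.Addr{}, drop: map[netip.Addr]bool{}}
	for from, to := range nat {
		src, err1 := netip.ParseAddr(from)
		dst, err2 := netip.ParseAddr(to)
		if err1 != nil || err2 != nil || !src.Is4() || !dst.Is4() {
			return nil, fmt.Errorf("invalid NAT entry %q -> %q", from, to)
		}
		f.nat[src] = dst
	}
	for _, d := range drop {
		f.drop[d] = true
	}
	return f, nil
}

// Target returns the address the host side dials for a guest connection.
func (f *Forwarder) Target(guestDst string) (string, error) {
	ap, err := netip.ParseAddrPort(guestDst)
	if err != nil {
		return "", err
	}
	if f.drop[ap.Addr()] {
		return "", fmt.Errorf("dropped without dialing: %s", ap)
	}
	if to, ok := f.nat[ap.Addr()]; ok {
		ap = netip.AddrPortFrom(to, ap.Port())
	}
	return ap.String(), nil
}

var metadataAddr = netip.MustParseAddr("169.254.169.254") // from the commit message
func main() {
	f, _ := NewForwarder(map[string]string{"192.168.127.254": "127.0.0.1"}, metadataAddr) // 192.168.127.254 is a constructed virtualHostIP
	fmt.Println(f.Target("192.168.127.254:8000"))
}
```

Because the translation keeps the guest's port, every loopback port on the host is reachable through the virtual IP unless the policy also restricts ports.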