Add inet6 dns option to container

author: Valerij Fredriksen <valerijf@verizonmedia.com> 2020-02-24 17:34:06 +0100
committer: Valerij Fredriksen <valerijf@verizonmedia.com> 2020-02-24 17:34:06 +0100
commit: 54e094035634352a2414e47c84c506ecb7588ad3 (patch)
tree: 65d0901131f67be1a499da61cbb2203cc2480ad0
parent: 72bee965a485d420efc159e7eea0b9e29a455b55 (diff)
4 files changed, 18 insertions, 0 deletions
diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/CreateContainerCommandImpl.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/CreateContainerCommandImpl.java
index 32302a98757..ecfe9b2468a 100644
--- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/CreateContainerCommandImpl.java
+++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/CreateContainerCommandImpl.java
@@ -34,6 +34,7 @@ class CreateContainerCommandImpl implements Docker.CreateContainerCommand {
     private final Map<String, String> labels = new HashMap<>();
     private final List<String> environmentAssignments = new ArrayList<>();
     private final List<String> volumeBindSpecs = new ArrayList<>();
+    private final List<String> dnsOptions = new ArrayList<>();
     private final List<Ulimit> ulimits = new ArrayList<>();
     private final Set<Capability> addCapabilities = new HashSet<>();
     private final Set<Capability> dropCapabilities = new HashSet<>();
@@ -96,6 +97,12 @@ class CreateContainerCommandImpl implements Docker.CreateContainerCommand {
     }
 
     @Override
+    public Docker.CreateContainerCommand withDnsOption(String dnsOption) {
+        dnsOptions.add(dnsOption);
+        return this;
+    }
+
+    @Override
     public Docker.CreateContainerCommand withPrivileged(boolean privileged) {
         this.privileged = privileged;
         return this;
@@ -171,6 +178,7 @@ class CreateContainerCommandImpl implements Docker.CreateContainerCommand {
                 .withPidsLimit(-1L)
                 .withCapAdd(addCapabilities.toArray(new Capability[0]))
                 .withCapDrop(dropCapabilities.toArray(new Capability[0]))
+                .withDnsOptions(dnsOptions)
                 .withPrivileged(privileged);
 
         containerResources.ifPresent(cr -> hostConfig
@@ -241,6 +249,7 @@ class CreateContainerCommandImpl implements Docker.CreateContainerCommand {
                 toRepeatedOption("--cap-add", addCapabilitiesList),
                 toRepeatedOption("--cap-drop", dropCapabilitiesList),
                 toRepeatedOption("--security-opt", securityOpts),
+                toRepeatedOption("--dns-option", dnsOptions),
                 toOptionalOption("--net", networkMode),
                 toOptionalOption("--ip", ipv4Address),
                 toOptionalOption("--ip6", ipv6Address),
diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java
index 4e7ef5a1ff6..648c94d71ab 100644
--- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java
+++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java
@@ -53,6 +53,7 @@ public interface Docker {
         CreateContainerCommand withAddCapability(String capabilityName);
         CreateContainerCommand withDropCapability(String capabilityName);
         CreateContainerCommand withSecurityOpts(String securityOpt);
+        CreateContainerCommand withDnsOption(String dnsOption);
         CreateContainerCommand withPrivileged(boolean privileged);
 
         void create();
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
index c790e73037e..782f8592350 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
@@ -66,6 +66,9 @@ public class DockerOperationsImpl implements DockerOperations {
                 .withHostName(context.node().hostname())
                 .withResources(containerResources)
                 .withManagedBy(MANAGER_NAME)
+                // The inet6 option is needed to prefer AAAA records with gethostbyname(3), used by (at least) a yca package
+                // TODO: Try to remove this
+                .withDnsOption("inet6")
                 .withUlimit("nofile", 262_144, 262_144)
                 // The nproc aka RLIMIT_NPROC resource limit works as follows:
                 //  - A process has a (soft) nproc limit, either inherited by the parent or changed with setrlimit(2).
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integrationTests/DockerMock.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integrationTests/DockerMock.java
index e2ad9e3de97..69bc9f5e092 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integrationTests/DockerMock.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/integrationTests/DockerMock.java
@@ -181,6 +181,11 @@ public class DockerMock implements Docker {
         }
 
         @Override
+        public CreateContainerCommand withDnsOption(String dnsOption) {
+            return this;
+        }
+
+        @Override
         public CreateContainerCommand withPrivileged(boolean privileged) {
             return this;
         }
author	Valerij Fredriksen <valerijf@verizonmedia.com>	2020-02-24 17:34:06 +0100
committer	Valerij Fredriksen <valerijf@verizonmedia.com>	2020-02-24 17:34:06 +0100
commit	54e094035634352a2414e47c84c506ecb7588ad3 (patch)
tree	65d0901131f67be1a499da61cbb2203cc2480ad0
parent	72bee965a485d420efc159e7eea0b9e29a455b55 (diff)