[docker-in-docker] - toggle ip6tables settings value as option (#1068)
* [docker-in-docker] - toggle ip6tables settings value as option

* Update src/docker-in-docker/devcontainer-feature.json

Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com>

* Update src/docker-in-docker/devcontainer-feature.json

Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com>

* ip6tables - can be toggled

* changes as requested

* change to add test file..

* changes for docker_build_older test passing

* misc change

* CHANGE

* chg

* minor change to make tests pass

* for sh compatibility

* change for version

* small change

* few imp. changes

* few changes

* for test passing

* minor commit

* version added to a test scenario

* changes

* LOGIC was moved outside the init file for faster initialization times

* changes

* logic updated !

* chg

* default value to be null

* changes as suggested in review comments..

* by mistake

* another small change

* requested changes in comments (review pr)

* change as requested

* changes as suggested in review comments

* Update src/docker-in-docker/install.sh

Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com>

---------

Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com>
gauravsaini04 and samruddhikhandale authored Sep 16, 2024
1 parent b0667c5 commit d926879
Showing 4 changed files with 60 additions and 3 deletions.
7 changes: 6 additions & 1 deletion src/docker-in-docker/devcontainer-feature.json
@@ -1,6 +1,6 @@
{
"id": "docker-in-docker",
"version": "2.11.0",
"version": "2.12.0",
"name": "Docker (Docker-in-Docker)",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/docker-in-docker",
"description": "Create child containers *inside* a container, independent from the host's docker instance. Installs Docker extension in the container along with needed CLIs.",
Expand Down Expand Up @@ -55,6 +55,11 @@
"type": "boolean",
"default": true,
"description": "Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter."
},
"disableIp6tables": {
"type": "boolean",
"default": false,
"description": "Disable ip6tables (this option is only applicable for Docker versions 27 and greater)"
}
},
"entrypoint": "/usr/local/share/docker-init.sh",
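Review bot: The `disableIp6tables` description gives the version constraint but not the effect, and the effect is security-relevant. Per the install.sh change in this commit the option makes the feature start dockerd with `--ip6tables=false`, so Docker stops adding its own ip6tables rules and IPv6-enabled Docker networks inside the dev container are left without Docker-managed filtering. I would extend the text to something like `"description": "Disable Docker's ip6tables rule management (Docker 27 and greater only; ignored on older versions). Docker then adds no IPv6 firewall rules for its networks."`. Only part of the `options` object is visible in this hunk.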
23 changes: 21 additions & 2 deletions src/docker-in-docker/install.sh
Expand Up @@ -20,6 +20,7 @@ INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"true"}"
MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft.asc"
DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal jammy noble"
DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal hirsute impish jammy noble"
DISABLE_IP6_TABLES="${DISABLEIP6TABLES:-false}"

# Default: Exit on any failure.
set -e
Expand Down Expand Up @@ -468,6 +469,23 @@ if [ "${INSTALL_DOCKER_BUILDX}" = "true" ]; then
find "${docker_home}" -type d -print0 | xargs -n 1 -0 chmod g+s
fi

DOCKER_DEFAULT_IP6_TABLES=""
if [ "$DISABLE_IP6_TABLES" == true ]; then
requested_version=""
# checking whether the version requested either is in semver format or just a number denoting the major version
# and, extracting the major version number out of the two scenarios
semver_regex="^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-([0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*))?(\+([0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*))?$"
if echo "$DOCKER_VERSION" | grep -Eq $semver_regex; then
requested_version=$(echo $DOCKER_VERSION | cut -d. -f1)
elif echo "$DOCKER_VERSION" | grep -Eq "^[1-9][0-9]*$"; then
requested_version=$DOCKER_VERSION
fi
if [ "$DOCKER_VERSION" = "latest" ] || [[ -n "$requested_version" && "$requested_version" -ge 27 ]] ; then
DOCKER_DEFAULT_IP6_TABLES="--ip6tables=false"
echo "(!) As requested, passing '${DOCKER_DEFAULT_IP6_TABLES}'"
fi
fi

tee /usr/local/share/docker-init.sh > /dev/null \
<< EOF
#!/bin/sh
Expand All @@ -480,11 +498,12 @@ set -e
AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION}
DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL}
DOCKER_DEFAULT_IP6_TABLES=${DOCKER_DEFAULT_IP6_TABLES}
EOF

tee -a /usr/local/share/docker-init.sh > /dev/null \
<< 'EOF'
dockerd_start="AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION} DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL} $(cat << 'INNEREOF'
dockerd_start="AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION} DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL} DOCKER_DEFAULT_IP6_TABLES=${DOCKER_DEFAULT_IP6_TABLES} $(cat << 'INNEREOF'
# explicitly remove dockerd and containerd PID file to ensure that it can start properly if it was stopped uncleanly
find /run /var/run -iname 'docker*.pid' -delete || :
find /run /var/run -iname 'container*.pid' -delete || :
Expand Down Expand Up @@ -562,7 +581,7 @@ dockerd_start="AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION} DOCKER_DEFAU
fi
# Start docker/moby engine
( dockerd $CUSTOMDNS $DEFAULT_ADDRESS_POOL > /tmp/dockerd.log 2>&1 ) &
( dockerd $CUSTOMDNS $DEFAULT_ADDRESS_POOL $DOCKER_DEFAULT_IP6_TABLES > /tmp/dockerd.log 2>&1 ) &
INNEREOF
)"
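Review bot: The version check in the new `DISABLE_IP6_TABLES` block drops the option without any message for inputs it does not recognise: a two-part value such as `27.1` matches neither the three-part `semver_regex` nor `^[1-9][0-9]*$`, so `requested_version` stays empty and `--ip6tables=false` is never passed even though the major version is 27. The same silent path is taken for versions below 27, which can leave a user believing the flag is active when it is not. Taking the major version with a parameter expansion covers all three spellings, and an `else` branch can report that the option was ignored; this also removes the unquoted `$semver_regex` and `$DOCKER_VERSION` expansions. Whether two-part versions are accepted by the rest of install.sh is not visible in these hunks.

```shell
DOCKER_DEFAULT_IP6_TABLES=""
if [ "${DISABLE_IP6_TABLES}" = "true" ]; then
    # Everything before the first dot: "27", "27.1" and "27.0.3" all yield 27.
    requested_major="${DOCKER_VERSION%%.*}"
    if [ "${DOCKER_VERSION}" = "latest" ] || [[ "${requested_major}" =~ ^[1-9][0-9]*$ && "${requested_major}" -ge 27 ]]; then
        DOCKER_DEFAULT_IP6_TABLES="--ip6tables=false"
        echo "(!) As requested, passing '${DOCKER_DEFAULT_IP6_TABLES}'"
    else
        echo "(!) disableIp6tables ignored: Docker version '${DOCKER_VERSION}' is not 27 or greater"
    fi
fi
# … unchanged: tee of /usr/local/share/docker-init.sh …
```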
24 changes: 24 additions & 0 deletions test/docker-in-docker/dockerIp6tablesDisabledTest.sh
@@ -0,0 +1,24 @@
#!/bin/bash

set -e

# Optional: Import test library
source dev-container-features-test-lib

ip6tablesCheck() {
if command -v ip6tables > /dev/null 2>&1; then
if ip6tables -L > /dev/null 2>&1; then
echo "✔️ ip6tables is enabled."
else
echo "❌ ip6tables is disabled."
fi
else
echo "❕ip6tables command not found. ❕"
fi
}

check "ip6tables" ip6tablesCheck
check "ip6tables check" bash -c "docker network inspect bridge"
check "docker-build" docker build ./

reportResults
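Review bot: `ip6tablesCheck` cannot fail: every branch only echoes, so the function returns 0 and `check "ip6tables" ip6tablesCheck` passes whether or not the option took effect. It also probes whether the `ip6tables` binary can list rules, which says nothing about how dockerd was started. An assertion tied to what install.sh writes would pin the behaviour, for example `check "ip6tables flag recorded" grep -q -- "DOCKER_DEFAULT_IP6_TABLES=--ip6tables=false" /usr/local/share/docker-init.sh`. The label `"ip6tables check"` on the `docker network inspect bridge` line should also say what that command is meant to verify.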
9 changes: 9 additions & 0 deletions test/docker-in-docker/scenarios.json
Expand Up @@ -8,6 +8,15 @@
}
}
},
"dockerIp6tablesDisabledTest": {
"image": "ubuntu:focal",
"features": {
"docker-in-docker": {
"version": "27.0.3",
"disableIp6tables": true
}
}
},
"dockerDefaultAddressPool": {
"image": "mcr.microsoft.com/vscode/devcontainers/javascript-node:0-18",
"remoteUser": "node",
