container: T6219: Add support for container sysctl / kernel parameters #3288

Closed

@TGNThump TGNThump commented Apr 9, 2024

Change Summary

Adds kernel parameter / sysctl configuration support.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

https://vyos.dev/T6219

Related PR(s)

Component(s) name

container

Proposed changes

Adds support for configuring a container with the sysctl option:

container {
  name test {
    image busybox:stable
    kernel-parameter "net.ipv4.ip_forward" {
      value "1"
    }
  }
}

How to test

Smoketest result

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@vyosbot vyosbot requested review from a team, dmbaturin, sarthurdev, zdc, jestabro, sever-sever and c-po and removed request for a team April 9, 2024 19:40

c-po commented Apr 12, 2024

Please use the already available syntax (example: https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_sysctl.xml.in)

set container sysctl parameter net.ipv4.ip_forward value 1

<tagNode name="parameter"> can then be moved to interface-definitions/include/sysctl.xml.i and re-used in both container.xml.in and system_sysctl.xml.in to have a common source.

@sever-sever
Member

@TGNThump any updates?

@TGNThump
Contributor Author

> @TGNThump any updates?

Sorry, not had a chance to take another look at this.

@c-po c-po added the stale PR has become inactive or needs attention label May 9, 2024

c-po commented May 20, 2024

According to https://docs.podman.io/en/v4.4/markdown/options/sysctl.html now all options are possible.

For the IPC namespace, the following sysctls are allowed:
Note: <<if using the --ipc=host option|if the ipc namespace is not shared within the pod>>, the above sysctls are not allowed.

For the network namespace, only sysctls beginning with net.* are allowed.
Note: <<if using the --network=host option|if the network namespace is not shared within the pod>>, the above sysctls are not allowed.

So we can use the same CLI style, but having a re-usable CLI definition does not work using this limitation.

@TGNThump can we expect you to keep working on this? Or should it be moved back to the pool of open feature requests?
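
The namespace restriction quoted in the comment above, written as a validation check. This is an added example, not code from this pull request, vyos-1x or Podman. The function names and the `host_network` / `host_ipc` arguments are hypothetical, and the IPC sysctl names are taken from the Podman `--sysctl` documentation rather than from this page.

```python
# Added example: hypothetical helper names, not vyos-1x or Podman code.
# IPC sysctl names are the ones listed in the Podman --sysctl documentation.
IPC_SYSCTLS = frozenset({
    "kernel.msgmax", "kernel.msgmnb", "kernel.msgmni", "kernel.sem",
    "kernel.shmall", "kernel.shmmax", "kernel.shmmni",
    "kernel.shm_rmid_forced",
})
IPC_PREFIX = "fs.mqueue."
NET_PREFIX = "net."


def classify(name):
    """Return 'net' or 'ipc' for a namespaced sysctl, else None."""
    if name.startswith(NET_PREFIX) and len(name) > len(NET_PREFIX):
        return "net"
    if name in IPC_SYSCTLS:
        return "ipc"
    if name.startswith(IPC_PREFIX) and len(name) > len(IPC_PREFIX):
        return "ipc"
    return None


def verify_kernel_parameters(params, host_network=False, host_ipc=False):
    """Return one error string per rejected parameter (empty list = OK)."""
    errors = []
    for name in sorted(params):
        namespace = classify(name)
        if namespace is None:
            errors.append(f"{name}: not an IPC or net.* sysctl")
        elif namespace == "net" and host_network:
            errors.append(f"{name}: net.* not allowed with host networking")
        elif namespace == "ipc" and host_ipc:
            errors.append(f"{name}: IPC sysctls not allowed with host IPC")
    return errors


# Constructed sample input: the PR's example plus two extra parameters.
SAMPLE = {
    "net.ipv4.ip_forward": "1",
    "kernel.shmmax": "68719476736",
    "kernel.randomize_va_space": "0",
}

if __name__ == "__main__":
    for line in verify_kernel_parameters(SAMPLE):
        print(line)
    for line in verify_kernel_parameters(SAMPLE, host_network=True):
        print(line)
```

Rejecting names outside the two namespaced groups at configuration time keeps a container definition from ever requesting a sysctl that is not scoped to the container's own namespaces.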


This pull request has conflicts, please resolve those before we can evaluate the pull request.


c-po commented Jun 10, 2024

Superseded by #3614
