dockerd-rootless.sh: if no slirp4netns, try pasta #51149
Conversation
robmry
added
kind/enhancement
contrib/dockerd-rootless.sh
Outdated
| fi | ||
| if [ -z "$net" ]; then | ||
| if command -v pasta > /dev/null 2>&1; then | ||
| net=pasta | ||
| if [ -z "$portdriver" ]; then | ||
| portdriver=implicit | ||
| fi | ||
| if [ -z "$mtu" ]; then | ||
| mtu=65520 # passt's default | ||
| fi |
There was a problem hiding this comment.
This will still prefer slirp4netns right?
Do we want to make pasta the prefered one if it's available?
There was a problem hiding this comment.
Can easily swap them - but if people are happily using slirp4netns without explicitly specifying it, I figured we don't need to change things unless there's a good reason to swap them over. There may well be a good reason, I just don't know it.
At the moment, when using pasta, rootlesskit says this - which also made me think slirp4netns might still be best as a default, perhaps that warning can be removed though ...
WARN[0000] [rootlesskit:parent] "pasta" network driver is experimental. Needs very recent version of pasta (see docs/network.md).
(Once the RPM spec files are updated with a Requires: (slirp4netns | passt) ... if slirp4netns is already installed on upgrade, I don't think pasta will be installed if it's missing. And, RHEL 10 will have pasta and not slirp4netns.)
There was a problem hiding this comment.
Yeah, fine with that for now too, just wanted to check.
vvoland
left a comment
vvoland
left a comment
There was a problem hiding this comment.
LGTM, but would love to get a blessing from @AkihiroSuda!
contrib/dockerd-rootless.sh
Outdated
| --slirp4netns-sandbox=$DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SANDBOX \ | ||
| --slirp4netns-seccomp=$DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SECCOMP \ | ||
| $host_loopback --port-driver=$DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER \ | ||
| $host_loopback --port-driver=$portdriver \ |
There was a problem hiding this comment.
nit:
| $host_loopback --port-driver=$portdriver \ | |
| $host_loopback --port-driver=$port_driver \ |
might look more consistent
contrib/dockerd-rootless.sh
Outdated
| net=vpnkit | ||
| else | ||
| echo "Either slirp4netns (>= v0.4.0) or vpnkit needs to be installed" | ||
| echo "One of slirp4netns (>= v0.4.0), pasta (passt >= 2023_12_04), or vpnkit needs to be installed" |
There was a problem hiding this comment.
The comments in L13, L14, and L15 has to be updated too
Signed-off-by: Rob Murray <[email protected]>
When DOCKERD_ROOTLESS_ROOTLESSKIT_MTU is not set, and ... - DOCKERD_ROOTLESS_ROOTLESSKIT_NET is not set and slirp4netns is selected, MTU defaults to 65520. - DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns, MTU defaults to 1500. Change the logic so that, however slirp4netns is selected, MTU defaults to 65520. Signed-off-by: Rob Murray <[email protected]>
robmry
force-pushed
the
rootless-pasta
branch
from
9b66141 to
a6206f2
Compare
|
I've changed things around a bit ... previously, if Now, both of those defaults are applied after picking a net driver (so MTU and port driver defaults both depend on net driver selection). Also split the "no net driver found" check out of the |
3 participants
- What I did
pastadriver detection #51143In the
dockerd-rootless.shscript, if there's noslirp4netnstrypastabefore falling back to VPNkit.When
pastais the network driver, the default port driver isimplicitinstead ofbuiltin.Also (second commit), if
slirp4netnsis selected by env-var, still set its default MTU to 65520.- How I did it
The notes at the top of the script say "Needs recent version of pasta (2023_12_04)" ... but I'm not sure how to check for that. The reported version number depends on the packager, and I don't know of a command line option to check for (like slirp4netns's check for `--netns-type). As it's no longer that new, perhaps a version check isn't essential ... but can add one if there's a way?
- How to verify it
On a Debian Trixie host, with moby 28.5.1, I tried ...
slirp4netnsinstalled, it was used as normaldockerd-rootless.sh-> ok (running with pasta)-p 8080:80and checked it workedDOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=builtin dockerd-rootless.sh-> errorDOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=implicit dockerd-rootless.sh-> ok- Human readable description for the release notes
- dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt).