[Buildroot] [PATCH 1/3] package/docker-engine: fix port forwarding for hosts without IPv6

[Buildroot] [PATCH 1/3] package/docker-engine: fix port forwarding for hosts without IPv6

[Peter Korsgaard]

docker-engine 20.10.6 broke container port forwarding for hosts without IPv6
support:

docker: Error response from daemon: driver failed programming external
connectivity on endpoint naughty_moore
(038e9ed4b5ea77e1c52462d6d04ad001fbad9beb185a6511aadc217c8a271608): Error
starting userland proxy: listen tcp6 [::]:80: socket: address family not
supported by protocol.

Add a libnetwork patch from an upstream pull request to fix this, after
adjusting the patch to apply to docker-engine (which has libnetwork vendored
under vendor/github.com/docker/libnetwork):

- https://github.com/moby/libnetwork/pull/2635,
- https://github.com/moby/moby/pull/42322

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 ...-port-forwarding-with-ipv6.disable-1.patch | 74 +++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 package/docker-engine/0001-fix-port-forwarding-with-ipv6.disable-1.patch

diff --git a/package/docker-engine/0001-fix-port-forwarding-with-ipv6.disable-1.patch b/package/docker-engine/0001-fix-port-forwarding-with-ipv6.disable-1.patch
new file mode 100644
index 0000000000..c5161ef0db
--- /dev/null
+++ b/package/docker-engine/0001-fix-port-forwarding-with-ipv6.disable-1.patch
@@ -0,0 +1,74 @@
+From 7b9c2905883df5171fda10a364a81b8c6176c8e2 Mon Sep 17 00:00:00 2001
+From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
+Date: Mon, 26 Apr 2021 15:28:40 +0900
+Subject: [PATCH] fix port forwarding with ipv6.disable=1
+
+Make `docker run -p 80:80` functional again on environments with kernel boot parameter `ipv6.disable=1`.
+
+Fix moby/moby issue 42288
+
+Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
+[Upstream: https://github.com/moby/libnetwork/pull/2635,
+           https://github.com/moby/moby/pull/42322]
+[Rework path/drop test for docker-engine]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go | 31 +++++++++++++++++++++++++++++++
+ 1 file changed, 35 insertions(+), 0 deletion(-)
+
+diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go b/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
+index 946130ec..17bf36f9 100644
+--- a/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
++++ b/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
+@@ -5,6 +5,7 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"net"
++	"sync"
+ 
+ 	"github.com/docker/libnetwork/types"
+ 	"github.com/ishidawataru/sctp"
+@@ -50,6 +51,13 @@ func (n *bridgeNetwork) allocatePortsInternal(bindings []types.PortBinding, cont
+ 			bs = append(bs, bIPv4)
+ 		}
+ 
++		// skip adding implicit v6 addr, when the kernel was booted with `ipv6.disable=1`
++		// https://github.com/moby/moby/issues/42288
++		isV6Binding := c.HostIP != nil && c.HostIP.To4() == nil
++		if !isV6Binding && !IsV6Listenable() {
++			continue
++		}
++
+ 		// Allocate IPv6 Port mappings
+ 		// If the container has no IPv6 address, allow proxying host IPv6 traffic to it
+ 		// by setting up the binding with the IPv4 interface if the userland proxy is enabled
+@@ -211,3 +219,26 @@ func (n *bridgeNetwork) releasePort(bnd types.PortBinding) error {
+ 
+ 	return portmapper.Unmap(host)
+ }
++
++var (
++	v6ListenableCached bool
++	v6ListenableOnce   sync.Once
++)
++
++// IsV6Listenable returns true when `[::1]:0` is listenable.
++// IsV6Listenable returns false mostly when the kernel was booted with `ipv6.disable=1` option.
++func IsV6Listenable() bool {
++	v6ListenableOnce.Do(func() {
++		ln, err := net.Listen("tcp6", "[::1]:0")
++		if err != nil {
++			// When the kernel was booted with `ipv6.disable=1`,
++			// we get err "listen tcp6 [::1]:0: socket: address family not supported by protocol"
++			// https://github.com/moby/moby/issues/42288
++			logrus.Debugf("port_mapping: v6Listenable=false (%v)", err)
++		} else {
++			v6ListenableCached = true
++			ln.Close()
++		}
++	})
++	return v6ListenableCached
++}
+-- 
+2.20.1
+
-- 
2.20.1

[Buildroot] [PATCH 2/3] test_docker_compose.py: Test the port publish feature

[Peter Korsgaard]

Extend docker_test() to expose a random (8888) port to verify that doesn't
fail, and extend the docker-compose test to run the busybox httpd in the
background, expose that as port 80 and verify that /etc/resolv.conf could be
fetched by wget.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 support/testing/conf/docker-compose.yml              | 3 +++
 support/testing/tests/package/test_docker_compose.py | 8 +++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/support/testing/conf/docker-compose.yml b/support/testing/conf/docker-compose.yml
index 49ff2677da..de33251dfd 100644
--- a/support/testing/conf/docker-compose.yml
+++ b/support/testing/conf/docker-compose.yml
@@ -2,3 +2,6 @@ version: '3'
 services:
   busybox:
     image: "busybox:latest"
+    command: httpd -f -h /etc/
+    ports:
+      - "80:80"
diff --git a/support/testing/tests/package/test_docker_compose.py b/support/testing/tests/package/test_docker_compose.py
index 67ee795f21..364f75b5b0 100644
--- a/support/testing/tests/package/test_docker_compose.py
+++ b/support/testing/tests/package/test_docker_compose.py
@@ -37,13 +37,15 @@ class TestDockerCompose(infra.basetest.BRTest):
 
     def docker_test(self):
         # will download container if not available, which may take some time
-        _, exit_code = self.emulator.run('docker run --rm busybox:latest /bin/true', 120)
+        _, exit_code = self.emulator.run('docker run --rm -p 8888:8888 busybox:latest /bin/true', 120)
         self.assertEqual(exit_code, 0)
 
     def docker_compose_test(self):
         # will download container if not available, which may take some time
-        _, exit_code = self.emulator.run('docker-compose up', 120)
-        self.assertEqual(exit_code, 0)
+        self.assertRunOk('docker-compose up -d', 120)
+        # container may take some time to start
+        self.assertRunOk('while ! docker inspect root_busybox_1 2>&1 >/dev/null; do sleep 1; done', 120)
+        self.assertRunOk('wget http://127.0.0.1/resolv.conf', 120)
 
     def test_run(self):
         kernel = os.path.join(self.builddir, "images", "bzImage")
-- 
2.20.1

[Buildroot] [PATCH 3/3] test_docker_compose.py: Test the volume mount feature

[Peter Korsgaard]

Extend docker_compose_test() to expose /bin on the host to the container
through a volume mount and verify that /bin/busybox can be downloaded and
contains the right data.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 support/testing/conf/docker-compose.yml              | 4 +++-
 support/testing/tests/package/test_docker_compose.py | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/support/testing/conf/docker-compose.yml b/support/testing/conf/docker-compose.yml
index de33251dfd..ce89d79b59 100644
--- a/support/testing/conf/docker-compose.yml
+++ b/support/testing/conf/docker-compose.yml
@@ -2,6 +2,8 @@ version: '3'
 services:
   busybox:
     image: "busybox:latest"
-    command: httpd -f -h /etc/
+    command: httpd -f -h /www/
     ports:
       - "80:80"
+    volumes:
+      - "/bin:/www"
diff --git a/support/testing/tests/package/test_docker_compose.py b/support/testing/tests/package/test_docker_compose.py
index 364f75b5b0..737dbf393c 100644
--- a/support/testing/tests/package/test_docker_compose.py
+++ b/support/testing/tests/package/test_docker_compose.py
@@ -45,7 +45,8 @@ class TestDockerCompose(infra.basetest.BRTest):
         self.assertRunOk('docker-compose up -d', 120)
         # container may take some time to start
         self.assertRunOk('while ! docker inspect root_busybox_1 2>&1 >/dev/null; do sleep 1; done', 120)
-        self.assertRunOk('wget http://127.0.0.1/resolv.conf', 120)
+        self.assertRunOk('wget -O /tmp/busybox http://127.0.0.1/busybox', 120)
+        self.assertRunOk('cmp /bin/busybox /tmp/busybox', 120)
 
     def test_run(self):
         kernel = os.path.join(self.builddir, "images", "bzImage")
-- 
2.20.1

[Buildroot] [PATCH 1/3] package/docker-engine: fix port forwarding for hosts without IPv6

[Peter Korsgaard]

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > docker-engine 20.10.6 broke container port forwarding for hosts without IPv6
 > support:

 > docker: Error response from daemon: driver failed programming external
 > connectivity on endpoint naughty_moore
 > (038e9ed4b5ea77e1c52462d6d04ad001fbad9beb185a6511aadc217c8a271608): Error
 > starting userland proxy: listen tcp6 [::]:80: socket: address family not
 > supported by protocol.

 > Add a libnetwork patch from an upstream pull request to fix this, after
 > adjusting the patch to apply to docker-engine (which has libnetwork vendored
 > under vendor/github.com/docker/libnetwork):

 > - https://github.com/moby/libnetwork/pull/2635,
 > - https://github.com/moby/moby/pull/42322

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 2/3] test_docker_compose.py: Test the port publish feature

[Peter Korsgaard]

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Extend docker_test() to expose a random (8888) port to verify that doesn't
 > fail, and extend the docker-compose test to run the busybox httpd in the
 > background, expose that as port 80 and verify that /etc/resolv.conf could be
 > fetched by wget.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 3/3] test_docker_compose.py: Test the volume mount feature

[Peter Korsgaard]

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Extend docker_compose_test() to expose /bin on the host to the container
 > through a volume mount and verify that /bin/busybox can be downloaded and
 > contains the right data.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 1/3] package/docker-engine: fix port forwarding for hosts without IPv6

[Peter Korsgaard]

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > docker-engine 20.10.6 broke container port forwarding for hosts without IPv6
 > support:

 > docker: Error response from daemon: driver failed programming external
 > connectivity on endpoint naughty_moore
 > (038e9ed4b5ea77e1c52462d6d04ad001fbad9beb185a6511aadc217c8a271608): Error
 > starting userland proxy: listen tcp6 [::]:80: socket: address family not
 > supported by protocol.

 > Add a libnetwork patch from an upstream pull request to fix this, after
 > adjusting the patch to apply to docker-engine (which has libnetwork vendored
 > under vendor/github.com/docker/libnetwork):

 > - https://github.com/moby/libnetwork/pull/2635,
 > - https://github.com/moby/moby/pull/42322

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2021.02.x, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 2/3] test_docker_compose.py: Test the port publish feature

[Peter Korsgaard]

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Extend docker_test() to expose a random (8888) port to verify that doesn't
 > fail, and extend the docker-compose test to run the busybox httpd in the
 > background, expose that as port 80 and verify that /etc/resolv.conf could be
 > fetched by wget.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2021.02.x, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 3/3] test_docker_compose.py: Test the volume mount feature

[Peter Korsgaard]

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Extend docker_compose_test() to expose /bin on the host to the container
 > through a volume mount and verify that /bin/busybox can be downloaded and
 > contains the right data.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2021.02.x, thanks.

-- 
Bye, Peter Korsgaard