status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

test: force IPv4 on Docker 26+ to fix Envoy int tests (#20986) 

As of Docker Engine 26.0.0 (https://github.com/moby/moby/pull/47062),
IPv6 is enabled by default where supported. This causes issues for our
tests attempting to resolve requests to other containers over
localhost, since on Linux IPv6 will be preferred over IPv4 when
available when applying the default behavior defined in RFC3484.

As a workaround, force IPv4 with a flag passed to `docker run`.
This commit is contained in:
Michael Zalimeni 2024-04-17 15:49:33 -04:00 committed by GitHub
parent 08761f16c8
commit 5eea0b6c76
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 18 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
test/integration/connect/envoy/run-tests.sh
View File

@ -227,7 +227,7 @@ function start_consul {
docker_kill_rm consul-${DC}-server docker_kill_rm consul-${DC}-server
docker_kill_rm consul-${DC} docker_kill_rm consul-${DC}
docker run -d --name envoy_consul-${DC}-server_1 \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name envoy_consul-${DC}-server_1 \
--net=envoy-tests \ --net=envoy-tests \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
--hostname "consul-${DC}-server" \ --hostname "consul-${DC}-server" \
@ -240,7 +240,7 @@ function start_consul {
-client "0.0.0.0" \ -client "0.0.0.0" \
-bind "0.0.0.0" >/dev/null -bind "0.0.0.0" >/dev/null
docker run -d --name envoy_consul-${DC}_1 \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name envoy_consul-${DC}_1 \
--net=envoy-tests \ --net=envoy-tests \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
--hostname "consul-${DC}-client" \ --hostname "consul-${DC}-client" \
@ -258,7 +258,7 @@ function start_consul {
else else
docker_kill_rm consul-${DC} docker_kill_rm consul-${DC}
docker run -d --name envoy_consul-${DC}_1 \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name envoy_consul-${DC}_1 \
--net=envoy-tests \ --net=envoy-tests \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
--hostname "consul-${DC}" \ --hostname "consul-${DC}" \
@ -295,7 +295,7 @@ function start_partitioned_client {
# Run consul and expose some ports to the host to make debugging locally a # Run consul and expose some ports to the host to make debugging locally a
# bit easier. # bit easier.
# #
docker run -d --name envoy_consul-${PARTITION}_1 \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name envoy_consul-${PARTITION}_1 \
--net=envoy-tests \ --net=envoy-tests \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
--hostname "consul-${PARTITION}-client" \ --hostname "consul-${PARTITION}-client" \
@ -351,7 +351,7 @@ function verify {
# need to tell the PID 1 inside of the container that it won't be actual PID # need to tell the PID 1 inside of the container that it won't be actual PID
# 1 because we're using --pid=host so we use TINI_SUBREAPER # 1 because we're using --pid=host so we use TINI_SUBREAPER
if docker run --name envoy_verify-${CLUSTER}_1 -t \ if docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 --name envoy_verify-${CLUSTER}_1 -t \
-e TINI_SUBREAPER=1 \ -e TINI_SUBREAPER=1 \
-e ENVOY_VERSION \ -e ENVOY_VERSION \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
@ -442,7 +442,7 @@ function global_setup {
} }
function wipe_volumes { function wipe_volumes {
docker run --rm -i \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 --rm -i \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
--net=none \ --net=none \
"${HASHICORP_DOCKER_PROXY}/alpine" \ "${HASHICORP_DOCKER_PROXY}/alpine" \
@ -556,7 +556,7 @@ function suite_setup {
# This is a dummy container that we use to create volume and keep it # This is a dummy container that we use to create volume and keep it
# accessible while other containers are down. # accessible while other containers are down.
docker volume create envoy_workdir &>/dev/null docker volume create envoy_workdir &>/dev/null
docker run -d --name envoy_workdir_1 \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name envoy_workdir_1 \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
--net=none \ --net=none \
k8s.gcr.io/pause &>/dev/null k8s.gcr.io/pause &>/dev/null
@ -567,7 +567,7 @@ function suite_setup {
retry_default docker build -t bats-verify -f Dockerfile-bats . retry_default docker build -t bats-verify -f Dockerfile-bats .
echo "Checking bats image..." echo "Checking bats image..."
docker run --rm -t bats-verify -v docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 --rm -t bats-verify -v
# pre-build the consul+envoy container # pre-build the consul+envoy container
echo "Rebuilding 'consul-dev-envoy:${ENVOY_VERSION}' image..." echo "Rebuilding 'consul-dev-envoy:${ENVOY_VERSION}' image..."
@ -615,7 +615,7 @@ function common_run_container_service {
local httpPort="$3" local httpPort="$3"
local grpcPort="$4" local grpcPort="$4"
docker run -d --name $(container_name_prev) \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name $(container_name_prev) \
-e "FORTIO_NAME=${service}" \ -e "FORTIO_NAME=${service}" \
$(network_snippet $CLUSTER) \ $(network_snippet $CLUSTER) \
"${HASHICORP_DOCKER_PROXY}/fortio/fortio" \ "${HASHICORP_DOCKER_PROXY}/fortio/fortio" \
@ -696,7 +696,7 @@ function common_run_container_sidecar_proxy {
# despite separate containers that don't share IPC namespace. Not quite # despite separate containers that don't share IPC namespace. Not quite
# sure how this happens but may be due to unix socket being in some shared # sure how this happens but may be due to unix socket being in some shared
# location? # location?
docker run -d --name $(container_name_prev) \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name $(container_name_prev) \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
$(network_snippet $CLUSTER) \ $(network_snippet $CLUSTER) \
$(aws_snippet) \ $(aws_snippet) \
@ -717,7 +717,7 @@ function run_container_s1-ap1-sidecar-proxy {
} }
function run_container_s1-sidecar-proxy-consul-exec { function run_container_s1-sidecar-proxy-consul-exec {
docker run -d --name $(container_name) \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name $(container_name) \
$(network_snippet primary) \ $(network_snippet primary) \
consul-dev-envoy:${ENVOY_VERSION} \ consul-dev-envoy:${ENVOY_VERSION} \
consul connect envoy -sidecar-for s1 \ consul connect envoy -sidecar-for s1 \
@ -783,7 +783,7 @@ function common_run_container_gateway {
# despite separate containers that don't share IPC namespace. Not quite # despite separate containers that don't share IPC namespace. Not quite
# sure how this happens but may be due to unix socket being in some shared # sure how this happens but may be due to unix socket being in some shared
# location? # location?
docker run -d --name $(container_name_prev) \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name $(container_name_prev) \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
$(network_snippet $DC) \ $(network_snippet $DC) \
$(aws_snippet) \ $(aws_snippet) \
@ -824,7 +824,7 @@ function run_container_fake-statsd {
# This magic SYSTEM incantation is needed since Envoy doesn't add newlines and so # This magic SYSTEM incantation is needed since Envoy doesn't add newlines and so
# we need each packet to be passed to echo to add a new line before # we need each packet to be passed to echo to add a new line before
# appending. # appending.
docker run -d --name $(container_name) \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name $(container_name) \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
$(network_snippet primary) \ $(network_snippet primary) \
"${HASHICORP_DOCKER_PROXY}/alpine/socat:1.7.3.4-r1" \ "${HASHICORP_DOCKER_PROXY}/alpine/socat:1.7.3.4-r1" \
@ -833,14 +833,14 @@ function run_container_fake-statsd {
} }
function run_container_zipkin { function run_container_zipkin {
docker run -d --name $(container_name) \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name $(container_name) \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
$(network_snippet primary) \ $(network_snippet primary) \
"${HASHICORP_DOCKER_PROXY}/openzipkin/zipkin" "${HASHICORP_DOCKER_PROXY}/openzipkin/zipkin"
} }
function run_container_jaeger { function run_container_jaeger {
docker run -d --name $(container_name) \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name $(container_name) \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
$(network_snippet primary) \ $(network_snippet primary) \
"${HASHICORP_DOCKER_PROXY}/jaegertracing/all-in-one:1.11" \ "${HASHICORP_DOCKER_PROXY}/jaegertracing/all-in-one:1.11" \
@ -848,7 +848,7 @@ function run_container_jaeger {
} }
function run_container_test-sds-server { function run_container_test-sds-server {
docker run -d --name $(container_name) \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name $(container_name) \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
$(network_snippet primary) \ $(network_snippet primary) \
"test-sds-server" "test-sds-server"
@ -863,7 +863,7 @@ function container_name_prev {
# This is a debugging tool. Run via './run-tests.sh debug_dump_volumes' # This is a debugging tool. Run via './run-tests.sh debug_dump_volumes'
function debug_dump_volumes { function debug_dump_volumes {
docker run --rm -it \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 --rm -it \
$WORKDIR_SNIPPET \ $WORKDIR_SNIPPET \
-v ./:/cwd \ -v ./:/cwd \
--net=none \ --net=none \
@ -891,7 +891,7 @@ function common_run_container_tcpdump {
retry_default docker build -t envoy-tcpdump -f Dockerfile-tcpdump . retry_default docker build -t envoy-tcpdump -f Dockerfile-tcpdump .
docker run -d --name $(container_name_prev) \ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name $(container_name_prev) \
$(network_snippet $DC) \ $(network_snippet $DC) \
-v $(pwd)/workdir/${DC}/envoy/:/data \ -v $(pwd)/workdir/${DC}/envoy/:/data \
--privileged \ --privileged \