| author | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-01-05 14:25:01 +0000 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-02-09 03:32:52 +0000 |
| commit | e41728ba124e24612ca08d994b69dc8b8550e87d (patch) | |
| tree | 1b783dd85753628a85290b6f1e03b536103024a2 /recipes-containers/vcontainer | |
| parent | c03fa452f381d54af66c6bc0d0394622c3d3d61f (diff) | |
| download | meta-virtualization-e41728ba124e24612ca08d994b69dc8b8550e87d.tar.gz | |
vcontainer: default to --network=host for container run
Docker bridge networking is intentionally disabled in vdkr (dockerd runs
with --bridge=none --iptables=false). Rather than requiring users to
explicitly add --network=host to every container run command, make it
the default.
This simplifies port forwarding workflows:
vdkr memres start -p 8080:80
vdkr run -d --rm nginx:alpine # Just works, no --network=host needed
Users can still override with --network=none if they explicitly want
no networking.
Updates help text and examples to reflect the new default.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Diffstat (limited to 'recipes-containers/vcontainer')
| -rwxr-xr-x | recipes-containers/vcontainer/files/vcontainer-common.sh | 34 |
1 files changed, 27 insertions, 7 deletions
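--- a/recipes-containers/vcontainer/files/vcontainer-common.sh
+++ b/recipes-containers/vcontainer/files/vcontainer-common.sh
@@ -365,6 +365,11 @@ ${BOLD}MEMORY RESIDENT MODE (vmemres):${NC}
 Forward host port to container port (protocol: tcp or udp, default: tcp)
 Multiple -p options can be specified
 
+${YELLOW}NOTE:${NC} --network=host is used by default for all containers.
+Docker bridge networking is not available inside the VM. Host networking
+allows containers to share the VM's network stack, enabling port forwards
+from the host to reach the container. Use --network=none to disable.
+
 ${BOLD}RUN vs VRUN:${NC}
 ${CYAN}run${NC} - Full ${RUNTIME_UPPER} passthrough. Entrypoint is honored.
 Command args are passed TO the entrypoint.
@@ -452,19 +457,19 @@ ${BOLD}EXAMPLES:${NC}
 
 # Port forwarding (web server)
 ${PROG_NAME} memres start -p 8080:80 # Forward host:8080 to guest:80
-${PROG_NAME} run -d --rm --network=host nginx:alpine # Container uses host network
+${PROG_NAME} run -d --rm nginx:alpine # Run nginx (--network=host is default)
 curl http://localhost:8080 # Access nginx from host
 
 # Port forwarding (SSH into a container)
 ${PROG_NAME} memres start -p 2222:22 # Forward host:2222 to guest:22
-${PROG_NAME} run -d --network=host my-ssh-image # Container with SSH server
+${PROG_NAME} run -d my-ssh-image # Container with SSH server
 ssh -p 2222 localhost # SSH from host into container
 
 # Multiple instances with different ports
 ${PROG_NAME} memres list # Show running instances
 ${PROG_NAME} -I web memres start -p 8080:80 # Start named instance
 ${PROG_NAME} -I web images # Use named instance
-${PROG_NAME} -I backend run -d --network=host my-api:latest
+${PROG_NAME} -I backend run -d my-api:latest
 
 ${BOLD}NOTES:${NC}
 - Architecture detection (in priority order):
@@ -1720,6 +1725,10 @@ case "$COMMAND" in
 # Usage: <tool> run [options] <image> [command]
 # Automatically prepends 'runtime run' to the arguments
 # Supports volume mounts with -v (requires daemon mode)
+#
+# NOTE: --network=host is added by default because Docker runs with
+# --bridge=none inside the VM. Users can override with --network=none
+# if they truly want no networking.
 if [ ${#COMMAND_ARGS[@]} -eq 0 ]; then
 echo -e "${RED}[$VCONTAINER_RUNTIME_NAME]${NC} run requires an image" >&2
 echo "Usage: $VCONTAINER_RUNTIME_NAME run [options] <image> [command]" >&2
@@ -1732,13 +1741,17 @@ case "$COMMAND" in
 exit 1
 fi
 
-# Check if any volume mounts are present
+# Check if any volume mounts are present and if user specified --network
 RUN_HAS_VOLUMES=false
+RUN_HAS_NETWORK=false
 for arg in "${COMMAND_ARGS[@]}"; do
 if [ "$arg" = "-v" ] || [ "$arg" = "--volume" ]; then
 RUN_HAS_VOLUMES=true
-break
 fi
+# Check for explicit --network option (user override)
+case "$arg" in
+--network=*|--net=*) RUN_HAS_NETWORK=true ;;
+esac
 done
 
 # Volume mounts require daemon mode
@@ -1762,10 +1775,17 @@ case "$COMMAND" in
 
 # Build runtime run command from args
 # Note: -it may have been consumed by global parser, so add it back if INTERACTIVE is set
+# Default to --network=host because Docker runs with --bridge=none inside the VM
+RUN_NETWORK_OPTS=""
+if [ "$RUN_HAS_NETWORK" = "false" ]; then
+RUN_NETWORK_OPTS="--network=host --dns=10.0.2.3 --dns=8.8.8.8"
+[ "$VERBOSE" = "true" ] && echo -e "${CYAN}[$VCONTAINER_RUNTIME_NAME]${NC} Using default --network=host" >&2
+fi
+
 if [ "$INTERACTIVE" = "true" ]; then
-RUNTIME_CMD="$VCONTAINER_RUNTIME_CMD run -it ${COMMAND_ARGS[*]}"
+RUNTIME_CMD="$VCONTAINER_RUNTIME_CMD run -it $RUN_NETWORK_OPTS ${COMMAND_ARGS[*]}"
 else
-RUNTIME_CMD="$VCONTAINER_RUNTIME_CMD run ${COMMAND_ARGS[*]}"
+RUNTIME_CMD="$VCONTAINER_RUNTIME_CMD run $RUN_NETWORK_OPTS ${COMMAND_ARGS[*]}"
 fi
 
 if [ "$INTERACTIVE" = "true" ]; then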
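Review bot: The override check added to the argument loop only matches the `--network=*` and `--net=*` spellings, so the space-separated form (`--network none`) is not recognised and `--network=host --dns=10.0.2.3 --dns=8.8.8.8` is still prepended. At best that conflicts with the user's flag, and at worst a container meant to be isolated ends up on the VM's network stack; how the runtime resolves the two flags is not visible here. Adding `--network|--net) RUN_HAS_NETWORK=true ;;` to the `case "$arg"` would cover it. The loop also scans words after the image name, so a container command that itself contains `--network=...` would suppress the default. The two hard-coded `--dns` servers, one of them a public resolver, appear in neither the help text nor the commit message; I would document them next to the NOTE or make them configurable. The `run` arm of `case "$COMMAND"` starts and ends outside these hunks.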
