diff options
| author | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-01-08 17:08:06 +0000 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-02-09 03:32:52 +0000 |
| commit | f2889118f7871bb69d21db978b6c5f9131ecb089 (patch) | |
| tree | d0f9eba661abc4339c1fd9ca0314fc00069b6e7c /recipes-containers | |
| parent | 6b18259bd97f6d350f18eccbdd0b81fbc2bd982e (diff) | |
| download | meta-virtualization-f2889118f7871bb69d21db978b6c5f9131ecb089.tar.gz | |
vcontainer: update CLI for bridge networking
Update the CLI wrapper to work with Docker bridge networking:
- qmp_add_hostfwd(): Change QEMU port forward from host_port->guest_port
to host_port->host_port. With bridge networking, Docker's iptables
handles the final hop (VM:host_port -> container:guest_port).
- Default network mode: Remove --network=host default. Docker's bridge
is now the default, giving each container its own IP. Users can still
explicitly use --network=host for legacy behavior.
- Update help text to document the new bridge networking behavior.
Port forwarding flow is now:
Host:8080 -> QEMU -> VM:8080 -> Docker iptables -> Container:80
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Diffstat (limited to 'recipes-containers')
| -rwxr-xr-x | recipes-containers/vcontainer/files/vcontainer-common.sh | 51 |
1 files changed, 39 insertions, 12 deletions
diff --git a/recipes-containers/vcontainer/files/vcontainer-common.sh b/recipes-containers/vcontainer/files/vcontainer-common.sh index 7f177e63..9003e0c7 100755 --- a/recipes-containers/vcontainer/files/vcontainer-common.sh +++ b/recipes-containers/vcontainer/files/vcontainer-common.sh | |||
| @@ -381,10 +381,11 @@ ${BOLD}MEMORY RESIDENT MODE (vmemres):${NC} | |||
| 381 | - protocol: tcp (default) or udp | 381 | - protocol: tcp (default) or udp |
| 382 | - Multiple -p options can be specified | 382 | - Multiple -p options can be specified |
| 383 | 383 | ||
| 384 | ${YELLOW}NOTE:${NC} --network=host is used by default for all containers. | 384 | ${YELLOW}NOTE:${NC} Docker bridge networking (docker0) is used by default. |
| 385 | Docker bridge networking is not available inside the VM. Host networking | 385 | Each container gets its own IP on 172.17.0.0/16. Port forwarding works via: |
| 386 | allows containers to share the VM's network stack, enabling port forwards | 386 | Host:8080 -> QEMU -> VM:8080 -> Docker iptables -> Container:80 |
| 387 | from the host to reach the container. Use --network=none to disable. | 387 | Use --network=host for legacy behavior where containers share VM's network. |
| 388 | Use --network=none to disable networking entirely. | ||
| 388 | 389 | ||
| 389 | ${BOLD}RUN vs VRUN:${NC} | 390 | ${BOLD}RUN vs VRUN:${NC} |
| 390 | ${CYAN}run${NC} - Full ${RUNTIME_UPPER} passthrough. Entrypoint is honored. | 391 | ${CYAN}run${NC} - Full ${RUNTIME_UPPER} passthrough. Entrypoint is honored. |
| @@ -736,6 +737,7 @@ qmp_send() { | |||
| 736 | 737 | ||
| 737 | # Add a port forward to the running daemon | 738 | # Add a port forward to the running daemon |
| 738 | # Usage: qmp_add_hostfwd <host_port> <guest_port> [protocol] | 739 | # Usage: qmp_add_hostfwd <host_port> <guest_port> [protocol] |
| 740 | # With bridge networking: QEMU forwards host:port -> VM:port, Docker handles VM:port -> container:port | ||
| 739 | qmp_add_hostfwd() { | 741 | qmp_add_hostfwd() { |
| 740 | local host_port="$1" | 742 | local host_port="$1" |
| 741 | local guest_port="$2" | 743 | local guest_port="$2" |
| @@ -743,7 +745,8 @@ qmp_add_hostfwd() { | |||
| 743 | 745 | ||
| 744 | [ "$VERBOSE" = "true" ] && echo -e "${CYAN}[$VCONTAINER_RUNTIME_NAME]${NC} Adding port forward: ${host_port} -> ${guest_port}/${protocol}" >&2 | 746 | [ "$VERBOSE" = "true" ] && echo -e "${CYAN}[$VCONTAINER_RUNTIME_NAME]${NC} Adding port forward: ${host_port} -> ${guest_port}/${protocol}" >&2 |
| 745 | 747 | ||
| 746 | local result=$(qmp_send "hostfwd_add net0 ${protocol}::${host_port}-:${guest_port}") | 748 | # QEMU forwards to host_port on VM; Docker -p handles the container port mapping |
| 749 | local result=$(qmp_send "hostfwd_add net0 ${protocol}::${host_port}-:${host_port}") | ||
| 747 | if echo "$result" | grep -q '"error"'; then | 750 | if echo "$result" | grep -q '"error"'; then |
| 748 | echo -e "${RED}[$VCONTAINER_RUNTIME_NAME]${NC} Failed to add port forward: $result" >&2 | 751 | echo -e "${RED}[$VCONTAINER_RUNTIME_NAME]${NC} Failed to add port forward: $result" >&2 |
| 749 | return 1 | 752 | return 1 |
| @@ -861,6 +864,12 @@ run_runtime_command() { | |||
| 861 | "$RUNNER" $runner_args --idle-timeout "$idle_timeout" --daemon-start | 864 | "$RUNNER" $runner_args --idle-timeout "$idle_timeout" --daemon-start |
| 862 | 865 | ||
| 863 | if daemon_is_running; then | 866 | if daemon_is_running; then |
| 867 | # Fresh daemon has no port forwards - clear stale registry | ||
| 868 | local pf_file=$(get_port_forward_file) | ||
| 869 | if [ -f "$pf_file" ]; then | ||
| 870 | [ "$VERBOSE" = "true" ] && echo -e "${CYAN}[$VCONTAINER_RUNTIME_NAME]${NC} Clearing stale port forward registry" >&2 | ||
| 871 | rm -f "$pf_file" | ||
| 872 | fi | ||
| 864 | [ "$VERBOSE" = "true" ] && echo -e "${CYAN}[$VCONTAINER_RUNTIME_NAME]${NC} Using daemon mode" >&2 | 873 | [ "$VERBOSE" = "true" ] && echo -e "${CYAN}[$VCONTAINER_RUNTIME_NAME]${NC} Using daemon mode" >&2 |
| 865 | "$RUNNER" $runner_args --daemon-send "$runtime_cmd" | 874 | "$RUNNER" $runner_args --daemon-send "$runtime_cmd" |
| 866 | else | 875 | else |
| @@ -903,6 +912,12 @@ run_runtime_command_with_input() { | |||
| 903 | "$RUNNER" $runner_args --idle-timeout "$idle_timeout" --daemon-start | 912 | "$RUNNER" $runner_args --idle-timeout "$idle_timeout" --daemon-start |
| 904 | 913 | ||
| 905 | if daemon_is_running; then | 914 | if daemon_is_running; then |
| 915 | # Fresh daemon has no port forwards - clear stale registry | ||
| 916 | local pf_file=$(get_port_forward_file) | ||
| 917 | if [ -f "$pf_file" ]; then | ||
| 918 | [ "$VERBOSE" = "true" ] && echo -e "${CYAN}[$VCONTAINER_RUNTIME_NAME]${NC} Clearing stale port forward registry" >&2 | ||
| 919 | rm -f "$pf_file" | ||
| 920 | fi | ||
| 906 | [ "$VERBOSE" = "true" ] && echo -e "${CYAN}[$VCONTAINER_RUNTIME_NAME]${NC} Using daemon mode for file I/O" >&2 | 921 | [ "$VERBOSE" = "true" ] && echo -e "${CYAN}[$VCONTAINER_RUNTIME_NAME]${NC} Using daemon mode for file I/O" >&2 |
| 907 | "$RUNNER" $runner_args --input "$input_path" --input-type "$input_type" --daemon-send-input -- "$runtime_cmd" | 922 | "$RUNNER" $runner_args --input "$input_path" --input-type "$input_type" --daemon-send-input -- "$runtime_cmd" |
| 908 | else | 923 | else |
| @@ -1890,10 +1905,10 @@ case "$COMMAND" in | |||
| 1890 | if [ "$INTERACTIVE" = "true" ]; then | 1905 | if [ "$INTERACTIVE" = "true" ]; then |
| 1891 | RUNTIME_RUN_OPTS="$RUNTIME_RUN_OPTS -it" | 1906 | RUNTIME_RUN_OPTS="$RUNTIME_RUN_OPTS -it" |
| 1892 | fi | 1907 | fi |
| 1893 | # Use host networking when enabled (container shares VM's network stack) | 1908 | # Use bridge networking (Docker's default) with VM's DNS |
| 1894 | # This is needed because Docker runs with --bridge=none | 1909 | # Each container gets its own IP on 172.17.0.0/16 |
| 1895 | if [ "$NETWORK" = "true" ]; then | 1910 | if [ "$NETWORK" = "true" ]; then |
| 1896 | RUNTIME_RUN_OPTS="$RUNTIME_RUN_OPTS --network=host --dns=10.0.2.3 --dns=8.8.8.8" | 1911 | RUNTIME_RUN_OPTS="$RUNTIME_RUN_OPTS --dns=10.0.2.3 --dns=8.8.8.8" |
| 1897 | fi | 1912 | fi |
| 1898 | 1913 | ||
| 1899 | # Add volume mounts | 1914 | # Add volume mounts |
| @@ -2047,11 +2062,12 @@ case "$COMMAND" in | |||
| 2047 | 2062 | ||
| 2048 | # Build runtime run command from args | 2063 | # Build runtime run command from args |
| 2049 | # Note: -it may have been consumed by global parser, so add it back if INTERACTIVE is set | 2064 | # Note: -it may have been consumed by global parser, so add it back if INTERACTIVE is set |
| 2050 | # Default to --network=host because Docker runs with --bridge=none inside the VM | 2065 | # Use bridge networking (Docker's default) - each container gets 172.17.0.x IP |
| 2066 | # User can override with --network=host for legacy behavior | ||
| 2051 | RUN_NETWORK_OPTS="" | 2067 | RUN_NETWORK_OPTS="" |
| 2052 | if [ "$RUN_HAS_NETWORK" = "false" ]; then | 2068 | if [ "$RUN_HAS_NETWORK" = "false" ]; then |
| 2053 | RUN_NETWORK_OPTS="--network=host --dns=10.0.2.3 --dns=8.8.8.8" | 2069 | RUN_NETWORK_OPTS="--dns=10.0.2.3 --dns=8.8.8.8" |
| 2054 | [ "$VERBOSE" = "true" ] && echo -e "${CYAN}[$VCONTAINER_RUNTIME_NAME]${NC} Using default --network=host" >&2 | 2070 | [ "$VERBOSE" = "true" ] && echo -e "${CYAN}[$VCONTAINER_RUNTIME_NAME]${NC} Using default bridge networking" >&2 |
| 2055 | fi | 2071 | fi |
| 2056 | 2072 | ||
| 2057 | if [ "$INTERACTIVE" = "true" ]; then | 2073 | if [ "$INTERACTIVE" = "true" ]; then |
| @@ -2337,9 +2353,20 @@ case "$COMMAND" in | |||
| 2337 | echo " (no orphans found)" | 2353 | echo " (no orphans found)" |
| 2338 | fi | 2354 | fi |
| 2339 | ;; | 2355 | ;; |
| 2356 | clean-ports) | ||
| 2357 | # Clear the port forward registry without stopping daemon | ||
| 2358 | pf_file=$(get_port_forward_file) | ||
| 2359 | if [ -f "$pf_file" ]; then | ||
| 2360 | count=$(wc -l < "$pf_file") | ||
| 2361 | rm -f "$pf_file" | ||
| 2362 | echo -e "${GREEN}[$VCONTAINER_RUNTIME_NAME]${NC} Cleared $count port forward entries from registry" | ||
| 2363 | else | ||
| 2364 | echo -e "${CYAN}[$VCONTAINER_RUNTIME_NAME]${NC} Port forward registry is already empty" | ||
| 2365 | fi | ||
| 2366 | ;; | ||
| 2340 | *) | 2367 | *) |
| 2341 | echo -e "${RED}[$VCONTAINER_RUNTIME_NAME]${NC} Unknown memres subcommand: $MEMRES_CMD" >&2 | 2368 | echo -e "${RED}[$VCONTAINER_RUNTIME_NAME]${NC} Unknown memres subcommand: $MEMRES_CMD" >&2 |
| 2342 | echo "Usage: $VCONTAINER_RUNTIME_NAME memres start|stop|restart|status|list" >&2 | 2369 | echo "Usage: $VCONTAINER_RUNTIME_NAME vmemres start|stop|restart|status|list|clean-ports" >&2 |
| 2343 | exit 1 | 2370 | exit 1 |
| 2344 | ;; | 2371 | ;; |
| 2345 | esac | 2372 | esac |