Skip to content

Commit bb6b35d

Browse files
jhenstridgejhenstridge
authored
Merge pull request #51 from sergiusens/docker-iptables
ensure runner works when docker is installed
2 parents 989705f + 07c9fa1 commit bb6b35d

File tree

4 files changed

+153
-1
lines changed

4 files changed

+153
-1
lines changed

.github/workflows/test.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ jobs:
3535
path: ${{ steps.snapcraft.outputs.snap}}
3636

3737
integration-legacy: # make sure the action works on a clean machine without building
38-
runs-on: ubuntu-latest
38+
runs-on: ubuntu-18.04
3939
strategy:
4040
matrix:
4141
project:

__tests__/tools.test.ts

Lines changed: 103 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
import * as fs from 'fs'
44
import * as os from 'os'
55
import * as path from 'path'
6+
import * as core from '@actions/core'
67
import * as exec from '@actions/exec'
78
import * as tools from '../src/tools'
89

@@ -317,3 +318,105 @@ test('ensureSnapcraft refreshes if Snapcraft is installed', async () => {
317318
'snapcraft'
318319
])
319320
})
321+
322+
test('ensureLXDNetwork sets up iptables and warns about Docker', async () => {
323+
expect.assertions(8)
324+
325+
const infoMock = jest
326+
.spyOn(core, 'info')
327+
.mockImplementation((info: string) => {})
328+
329+
const execMock = jest
330+
.spyOn(exec, 'exec')
331+
.mockImplementation(
332+
async (program: string, args?: string[]): Promise<number> => {
333+
if (args != undefined && args[1] == 'moby-runc') {
334+
return 0
335+
} else {
336+
return 1
337+
}
338+
}
339+
)
340+
341+
await tools.ensureLXDNetwork()
342+
343+
expect(infoMock).toHaveBeenCalledWith(
344+
'Installed docker related packages might interfere with LXD networking: moby-runc'
345+
)
346+
expect(execMock).toHaveBeenNthCalledWith(1, 'dpkg', ['-l', 'moby-buildx'], {
347+
silent: true
348+
})
349+
expect(execMock).toHaveBeenNthCalledWith(2, 'dpkg', ['-l', 'moby-engine'], {
350+
silent: true
351+
})
352+
expect(execMock).toHaveBeenNthCalledWith(3, 'dpkg', ['-l', 'moby-cli'], {
353+
silent: true
354+
})
355+
expect(execMock).toHaveBeenNthCalledWith(4, 'dpkg', ['-l', 'moby-compose'], {
356+
silent: true
357+
})
358+
expect(execMock).toHaveBeenNthCalledWith(
359+
5,
360+
'dpkg',
361+
['-l', 'moby-containerd'],
362+
{silent: true}
363+
)
364+
expect(execMock).toHaveBeenNthCalledWith(6, 'dpkg', ['-l', 'moby-runc'], {
365+
silent: true
366+
})
367+
expect(execMock).toHaveBeenNthCalledWith(7, 'sudo', [
368+
'iptables',
369+
'-P',
370+
'FORWARD',
371+
'ACCEPT'
372+
])
373+
})
374+
375+
test('ensureLXDNetwork sets up iptables and warns only about installed packages', async () => {
376+
expect.assertions(8)
377+
378+
const infoMock = jest
379+
.spyOn(core, 'info')
380+
.mockImplementation((info: string) => {})
381+
const execMock = jest
382+
.spyOn(exec, 'exec')
383+
.mockImplementation(
384+
async (program: string, args?: string[]): Promise<number> => {
385+
return 0
386+
}
387+
)
388+
389+
await tools.ensureLXDNetwork()
390+
391+
expect(infoMock).toHaveBeenCalledWith(
392+
'Installed docker related packages might interfere with LXD networking: ' +
393+
'moby-buildx,moby-engine,moby-cli,moby-compose,moby-containerd,moby-runc'
394+
)
395+
expect(execMock).toHaveBeenNthCalledWith(1, 'dpkg', ['-l', 'moby-buildx'], {
396+
silent: true
397+
})
398+
expect(execMock).toHaveBeenNthCalledWith(2, 'dpkg', ['-l', 'moby-engine'], {
399+
silent: true
400+
})
401+
expect(execMock).toHaveBeenNthCalledWith(3, 'dpkg', ['-l', 'moby-cli'], {
402+
silent: true
403+
})
404+
expect(execMock).toHaveBeenNthCalledWith(4, 'dpkg', ['-l', 'moby-compose'], {
405+
silent: true
406+
})
407+
expect(execMock).toHaveBeenNthCalledWith(
408+
5,
409+
'dpkg',
410+
['-l', 'moby-containerd'],
411+
{silent: true}
412+
)
413+
expect(execMock).toHaveBeenNthCalledWith(6, 'dpkg', ['-l', 'moby-runc'], {
414+
silent: true
415+
})
416+
expect(execMock).toHaveBeenNthCalledWith(7, 'sudo', [
417+
'iptables',
418+
'-P',
419+
'FORWARD',
420+
'ACCEPT'
421+
])
422+
})

dist/index.js

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4164,6 +4164,28 @@ async function ensureSnapd() {
41644164
await exec.exec('sudo', ['chown', 'root:root', '/']);
41654165
}
41664166
}
4167+
async function ensureLXDNetwork() {
4168+
const mobyPackages = [
4169+
'moby-buildx',
4170+
'moby-engine',
4171+
'moby-cli',
4172+
'moby-compose',
4173+
'moby-containerd',
4174+
'moby-runc'
4175+
];
4176+
const installedPackages = [];
4177+
const options = { silent: true };
4178+
for (const mobyPackage of mobyPackages) {
4179+
if ((await exec.exec('dpkg', ['-l', mobyPackage], options)) === 0) {
4180+
installedPackages.push(mobyPackage);
4181+
}
4182+
}
4183+
core.info(`Installed docker related packages might interfere with LXD networking: ${installedPackages}`);
4184+
// Removing docker is the best option, but some pipelines depend on it.
4185+
// https://linuxcontainers.org/lxd/docs/master/howto/network_bridge_firewalld/#prevent-issues-with-lxd-and-docker
4186+
// https://github.com/canonical/lxd-cloud/blob/f20a64a8af42485440dcbfd370faf14137d2f349/test/includes/lxd.sh#L13-L23
4187+
await exec.exec('sudo', ['iptables', '-P', 'FORWARD', 'ACCEPT']);
4188+
}
41674189
async function ensureLXD() {
41684190
const haveDebLXD = await haveExecutable('/usr/bin/lxd');
41694191
if (haveDebLXD) {
@@ -4195,6 +4217,7 @@ async function ensureLXD() {
41954217
}
41964218
core.info('Initialising LXD...');
41974219
await exec.exec('sudo', ['lxd', 'init', '--auto']);
4220+
await ensureLXDNetwork();
41984221
}
41994222
async function ensureSnapcraft(channel) {
42004223
const haveSnapcraft = await haveExecutable('/snap/bin/snapcraft');

src/tools.ts

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,31 @@ export async function ensureSnapd(): Promise<void> {
2929
}
3030
}
3131

32+
export async function ensureLXDNetwork(): Promise<void> {
33+
const mobyPackages: string[] = [
34+
'moby-buildx',
35+
'moby-engine',
36+
'moby-cli',
37+
'moby-compose',
38+
'moby-containerd',
39+
'moby-runc'
40+
]
41+
const installedPackages: string[] = []
42+
const options = {silent: true}
43+
for (const mobyPackage of mobyPackages) {
44+
if ((await exec.exec('dpkg', ['-l', mobyPackage], options)) === 0) {
45+
installedPackages.push(mobyPackage)
46+
}
47+
}
48+
core.info(
49+
`Installed docker related packages might interfere with LXD networking: ${installedPackages}`
50+
)
51+
// Removing docker is the best option, but some pipelines depend on it.
52+
// https://linuxcontainers.org/lxd/docs/master/howto/network_bridge_firewalld/#prevent-issues-with-lxd-and-docker
53+
// https://github.com/canonical/lxd-cloud/blob/f20a64a8af42485440dcbfd370faf14137d2f349/test/includes/lxd.sh#L13-L23
54+
await exec.exec('sudo', ['iptables', '-P', 'FORWARD', 'ACCEPT'])
55+
}
56+
3257
export async function ensureLXD(): Promise<void> {
3358
const haveDebLXD = await haveExecutable('/usr/bin/lxd')
3459
if (haveDebLXD) {
@@ -60,6 +85,7 @@ export async function ensureLXD(): Promise<void> {
6085
}
6186
core.info('Initialising LXD...')
6287
await exec.exec('sudo', ['lxd', 'init', '--auto'])
88+
await ensureLXDNetwork()
6389
}
6490

6591
export async function ensureSnapcraft(channel: string): Promise<void> {

0 commit comments

Comments
 (0)