Closed etsauer closed 8 years ago
@etsauer Could we make it an option to the run.sh script instead of always/permanently using --net=host? In general, using options such as --net=host and --uts=host is considered insecure, so I'm not sure we'd want it to be always on (or at least it would be nice to have a way to choose not to use it).
Also, just wondering: Instead of relying on --net=host, and localhost, couldn't the ip assigned to the docker0 bridge be used to work around the issue this solves?
@oybed the problem I see with that is that a user would never know to use that option. I agree that those options are generally insecure, but we are talking about a container that will run on the laptops of the guys who help us develop our scripts. I'm open to other suggestions on how to solve this. Here's the problem statement I'm trying to solve:
As an rhc-ose script developer, I want to be able to have my dev/testing container environment interact with other network-based tools I may have running on my workstation.
The main example I have of this is that I run dnsmasq on my local machine to make remote OpenShift clusters appear to have valid DNS.
@oybed bumping this again, as I've found another use case for this PR... using the CDK to test ansible work.
@etsauer seen this? https://github.com/docker/docker/issues/6401
Personally I still feel this should be an argument to the run.sh script that can be specified (and of course well documented for how to use) and not something that should always be on.
@oybed looks to only be an Ubuntu problem.
[esauer@localhost rhc-ose-etsauer]$ cat docker/openstack-docker-client/run.sh | grep 'net=host'
docker run -it --net=host ${REMOVE_CONTAINER_ON_EXIT} -v ${OPENSTACK_CONFIG_DIR}:/root/.openstack:z ${REPOSITORY_VOLUME} ${SSH_VOLUME} ${ANSIBLE_CFG} ${OPENSTACK_CLIENT_IMAGE}
[esauer@localhost rhc-ose-etsauer]$ ./docker/openstack-docker-client/run.sh --repository=/home/esauer/src
Git Repository containing scripts are found and mounted in the '/root/repository' folder
Starting OpenStack Client Container....
[root@localhost ~]# reboot
Failed to talk to init daemon.
[root@localhost ~]# shutdown
Failed to talk to shutdownd, proceeding with immediate shutdown: No such file or directory
Failed to talk to init daemon.
[root@localhost ~]# halt
Failed to talk to init daemon.
[root@localhost ~]#
That said, yes I'll make it an option.
@oybed made this a flag option and included a warning about what this means. Here's a sample usage:
[esauer@localhost rhc-ose-etsauer]$ ./docker/openstack-docker-client/run.sh --repository=/home/esauer/src
Git Repository containing scripts are found and mounted in the '/root/repository' folder
Starting OpenStack Client Container....
[root@c5c20691df00 ~]# ping 10.1.2.2
PING 10.1.2.2 (10.1.2.2) 56(84) bytes of data.
From 172.17.0.1 icmp_seq=1 Destination Port Unreachable
From 172.17.0.1 icmp_seq=2 Destination Port Unreachable
^C
--- 10.1.2.2 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
[root@c5c20691df00 ~]# exit
exit
[esauer@localhost rhc-ose-etsauer]$ ./docker/openstack-docker-client/run.sh --repository=/home/esauer/src --host-net
Warning: Setting the --host-net flag adds `--net=host` to your docker run command. Be aware that this means your container can talk to any network service running on this host.
Git Repository containing scripts are found and mounted in the '/root/repository' folder
Starting OpenStack Client Container....
[root@localhost ~]# ping 10.1.2.2
PING 10.1.2.2 (10.1.2.2) 56(84) bytes of data.
64 bytes from 10.1.2.2: icmp_seq=1 ttl=64 time=1.81 ms
64 bytes from 10.1.2.2: icmp_seq=2 ttl=64 time=0.131 ms
^C
--- 10.1.2.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.131/0.970/1.810/0.840 ms
[root@localhost ~]#
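An added example, not the rhc-ose project's own run.sh, showing the two approaches discussed in this thread: the opt-in `--host-net` flag with a warning (as in the usage above), and the docker0 bridge address suggested earlier as the alternative for reaching host services without sharing the host network namespace. The image name, the `dockerhost` alias, the `HOST_IP` variable and the 172.17.0.1 fallback are assumptions for illustration; the command is emitted one argument per line rather than executed, so it can be inspected offline.

```shell
#!/usr/bin/env bash
# Added example (not the project's run.sh): host networking is opt-in via
# --host-net; otherwise the docker0 bridge address is handed to the container
# so tools inside can still target services listening on the workstation.
set -u

# Assumption: placeholder image name, not the project's.
IMAGE="${OPENSTACK_CLIENT_IMAGE:-example/openstack-client:latest}"

# Host address on the default bridge. Read from the docker0 interface when
# `ip` is available; otherwise fall back to Docker's default 172.17.0.1
# (assumption: default bridge configuration, matching the ping output above).
docker0_ip() {
    addr=""
    if command -v ip >/dev/null 2>&1; then
        addr=$(ip -4 -o addr show dev docker0 2>/dev/null | awk '{print $4}' | cut -d/ -f1)
    fi
    printf '%s\n' "${addr:-172.17.0.1}"
}

# Print the docker run command line, one argument per line, without running it.
# Options: --host-net, --repository=<path>. Unknown options return status 2.
build_run_cmd() {
    host_net=0
    repository=""
    for arg in "$@"; do
        case "$arg" in
            --host-net) host_net=1 ;;
            --repository=*) repository="${arg#--repository=}" ;;
            *) printf 'Unknown option: %s\n' "$arg" >&2; return 2 ;;
        esac
    done

    printf '%s\n' docker run -it --rm
    if [ "$host_net" -eq 1 ]; then
        # Host namespace: the container sees every listener on the workstation
        # (localhost dnsmasq included), so warn before adding the flag.
        printf 'Warning: --host-net adds --net=host; the container can reach any network service on this host.\n' >&2
        printf '%s\n' --net=host
    else
        # Bridge namespace: expose the docker0 address under a hostname and an
        # environment variable so in-container tools use it instead of 127.0.0.1.
        gw=$(docker0_ip)
        printf '%s\n' --add-host "dockerhost:$gw" -e "HOST_IP=$gw"
    fi
    if [ -n "$repository" ]; then
        printf '%s\n' -v "$repository:/root/repository:z"
    fi
    printf '%s\n' "$IMAGE"
}

# Usage: build_run_cmd --repository=/home/esauer/src --host-net
#        build_run_cmd --repository=/home/esauer/src | xargs   # run it
```

In the bridge case a service on the workstation is reachable at `$HOST_IP` (or `dockerhost`) only if it listens on the docker0 address, not just on 127.0.0.1; a dnsmasq bound to loopback only still needs `--host-net`, which is why the thread keeps that path available behind an explicit flag.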
@etsauer awesome - thank you for making the change. LGTM so I'll merge.
What does this PR do?
This will allow for easier interaction with other tools on local machines.
How should this be manually tested?
Pull down fork & branch for this PR. Run
./docker/openstack-docker-client/run.sh
Try to ping a service running on localhost (I tried dnsmasq)
Is there a relevant Issue open for this?
n/a
Who would you like to review this?
/cc @sabre1041 @oybed