search

saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
https://repo.saltproject.io/
Apache License 2.0
14.11k stars 5.47k forks source link

docker_container does not support ipv6 port bindings #53709

Open prometheanfire opened 5 years ago

prometheanfire commented 5 years ago

Here's the example to reproduce

include:
  - sys.docker  # installs and configures docker (enables v6 support)

duo-access-gateway_volume:
  docker_volume.present:
    - name: duo-access-gateway
    - driver: local

duo-container:
  docker_container.running:
    - name: duo-access-gateway
    - image: duosecurity/access-gateway@sha256:ba065e9a04478fc17fd5b61b8c558616b7e9acba105668ef786f084545c32778
    - labels:
      - 'com.duo.access-gateway.builder.version': '62dc4eaf'
      - 'com.duo.access-gateway.code.version': 'v1.5.6'
      - 'com.duo.access-gateway.built': 'Fri, 14 Dec 2018 20:50:35 -0000'
    - restart_policy: always
    - log_driver: json-file
    - log_opt:
      - max-size: '50m'
      - max-file: '20'
    - port_bindings:
      - 'foo:bar:baz::foobar:80:8000'
      - '443:4443'
      - '8443:8443'
    - binds:
      - duo-access-gateway:/data
    - require:
      - docker_volume: duo-access-gateway_volume

You'll get an error like

local:
----------
          ID: duo-container
    Function: docker_container.running
        Name: duo-access-gateway
      Result: False
     Comment: Failed to translate input. Additional info follows:

              invalid:
                  ----------
                  port_bindings:
                      'foo:bar:baz::foobar:80:8000' is an invalid port binding definition (at most 3 components are allowed, found 7)

              If you feel this information is incorrect, the skip_translate argument can be used to skip input translation for the argument(s) identified as invalid. See the documentation for details.

I've tried the skip_translate option but it didn't help.

https://github.com/docker/docker-py/blob/master/docker/utils/ports.py#L3 is how upstream suports it (crazy regex).

https://github.com/saltstack/salt/blob/develop/salt/utils/docker/translate/container.py#L388 is why it's broken (it does a basic split on ':', which does not work for ipv6...)

lenfree commented 5 years ago

Hi @Akm0d, any update on this?

HenriWahl commented 4 years ago

Same tragedy here.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

HenriWahl commented 4 years ago

The problem is apparently not solved yet.

stale[bot] commented 4 years ago

Thank you for updating this issue. It is no longer marked as stale.

ghost commented 1 year ago

Any update here?

mitar commented 5 months ago

I can confirm that IPv6 address does still not work with salt 3007.0. :-(

mitar commented 5 months ago

It seems the following workaround works:

    - skip_translate: port_bindings
    - port_bindings:
        8080/tcp:
        - HostIp: "10.0.0.1"
          HostPort: 443
        - HostIp: "2001:db8::1"
          HostPort: 443
ghost commented 5 months ago

Simply use docker-compose as a workaround:

docker-compose.yml:

networks:
  - dual_stack
ports:
  - "0.0.0.0:443:443"
  - ":::443:443"

some.sls:

create_docker_network:
  cmd.run:
    - name: 'docker network create --ipv6 --subnet=fdd5:2126:618a::/64 dual_stack'
    - unless: 'docker network ls | grep dual_stack'
    - require:
      - docker_service

And yes the 3007 version is completely broken shit.

mitar commented 4 months ago

This issue is about docker_container.running, not docker compose.

ghost commented 4 months ago

Just as a workaround my friend ;)

mitar commented 4 months ago

I have posted a workaround without having to use an external tool already. Is there anything wrong with my workaround?