Networks created by forgejo-runner don't have IPv6 enabled #119
Labels
No labels
Kind/Breaking
Kind/Bug
Kind/Documentation
Kind/Enhancement
Kind/Feature
Kind/Security
Kind/Testing
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Reviewed
Confirmed
Reviewed
Duplicate
Reviewed
Invalid
Reviewed
Won't Fix
Status
Abandoned
Status
Blocked
Status
Need More Info
No milestone
No project
No assignees
2 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: forgejo/runner#119
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I have a docker host which has IPv6 enabled in the
daemon.json
configuration:With this configuration, all containers on the default network get both IPv6 and IPv4 addresses assigned.
However, networks created by the Forgejo Runner are not IPv6-enabled:
As a workaround, i can run the runner with
container.network
set tobridge
, but I'd prefer Forgejo Runner to have a config option to enable IPv6 support on its auto-created networks.The code that should be modified to support IPv6 is around https://code.forgejo.org/forgejo/act/src/branch/main/pkg/container/docker_network.go
@earl-warren thanks for the pointer. I did a first hacky implementation, and it appears to be working. Unfortunately, we can't simply hard-code
EnableIPv6: true
in the network creation, as this fails to create containers on non-IPv6 enabled docker hosts. So changes to both forgejo/act (for the implementation) and forgejo/runner (for the config flag) are required.I'll clean up my code and open two PRs.
s3lph referenced this issue2023-11-14 18:20:25 +00:00
You will see lots of activity as a consequence of your PRs, from the
cascading-pr
user. It is a recent experimental addition that allows a companion PR to be created in the runner to verify the PR from ACT compiles.It was a little too verbose / enthusiastic and made lots of noise, all of which should now be cleaned up.
The difficulty essentially is to properly test your changes. If you provide me with a list of commands to do that assuming they run on a newly provisioned Debian GNU/Linux bookworm, I will create the CI job to do the same.
First of all, the docker daemon needs to be configured with IPv6 support, e.g.:
You can then run an action which checks for IPv6 connectivity, e.g.
If you run this with
forgejo-runner exec
, the job will fail:If you run this again with
forgejo-runner exec --enable-ipv6
, the job should succeed:The same should be tested with a
forgejo-runner daemon
withcontainer.enable_ipv6: false
andcontainer.enable_ipv6: true
, yielding the same results.This is perfect.
My idea to modify https://code.forgejo.org/actions/setup-forgejo/src/branch/main/forgejo-runner.sh to support the ipv6 option and add what you described above to https://code.forgejo.org/actions/setup-forgejo/src/branch/main/.forgejo/workflows/integration-nested.yml to verify it works.
Also note that this new feature needs an update to the documentation at https://codeberg.org/forgejo/docs/src/branch/next/docs/admin/actions.md
@earl-warren thanks for the hint. I've added a documentation snippet in https://codeberg.org/forgejo/docs/pulls/242
Re-opening pending the implementation of tests.
Now that the (many) Forgejo releases are done, I'll enjoy going back to working on this 🎉
Unfortunately IPv6 is not enabled by default in LXC containers even when the host is IPv6 capable. I'll need to figure that out first.
Now that the runner includes IPv6 capables LXC containers, it will be possible to write the test for IPv6 capable docker containers.
This has been implemented & tested. The tests actually prevented a regression when upgrading the ACT version, which is exactly what they were supposed to do.