Ability to access network during build #80

Closed
neverfox opened this issue Nov 1, 2017 · 6 comments

neverfox commented Nov 1, 2017

Docker build now supports a --network flag that can, for example, let you access docker-compose services running on the host in your build (similar to how you can access the habitus server). Is it or would it be possible to have access to that through a habitus parameter?

Member

khash commented Nov 3, 2017

Thank you @neverfox

I think this can definitely be a possible way forward as long as it's not only limited to compose (habitus uses Docker daemon directly).

Collaborator

mumoshu commented Mar 8, 2018

Hi!

Indeed it isn't docker-compose specific. Actually, a moby maintainer had suggested that I try it for secure secret injection into the build context.

Implementation-wise, would introducing a network key in build.yaml be ok?

Like:

```
build:
  version: 2016-03-14
  steps:
    test:
      name: test
      dockerfile: Dockerfile
      network: myprivatenet
```

Collaborator

mumoshu commented Mar 8, 2018

@neverfox Oh, btw, what was your concrete use-case for this? Are you trying to inject secrets in a way other than habitat's?

Collaborator

mumoshu commented Mar 13, 2018

@neverfox Or perhaps you'd like to run integration tests w/ e.g. mysql inside docker-build?

Collaborator

mumoshu commented Mar 15, 2018

Let me say no to my own suggestion above!

Similarly to #87, setting network in build.yml isn't a good practice, as it basically means that your build depends on the existence of a specific network. In other words, the network in which a build is run is an operational concern. We shouldn't leak it to build.yml.

More concretely, there might be a shared secret network per project for builds in CI, and a default bridge network for builds on my own machine. Fixing it in build.yml doesn't make sense.

I'd rather suggest adding a -network flag to specify in which docker network the builds are being run.

mumoshu added a commit to mumoshu/habitus that referenced this issue Mar 15, 2018
This feature allows you to e.g. access other docker containers from within a build for fetching build assets.

See [this comment](cloud66-oss#80 (comment)) why this is implemented as a flag rather than a key in build.yml.

Also see [the description about `--network` in the docker engine doc](https://docs.docker.com/engine/reference/commandline/build/) for more information, especially about why it is "networking mode" OR "network".

Resolves cloud66-oss#80

This is verified manually by running habitus with the new example at examples/network/build.yml:

```
$ ~/bin/habitus --build host=$host --build port=80 --network mynetwork
2018/03/15 20:39:27 ▶ Using '/Users/kuoka-yusuke/go/src/github.com/cloud66/habitus/examples/network/build.yml' as build file
2018/03/15 20:39:27 ▶ Collecting artifact information
2018/03/15 20:39:27 ▶ Building 1 steps
2018/03/15 20:39:27 ▶ Step 1 - builder, image-name = 'builder'
2018/03/15 20:39:27 ▶ Step 1 - Build for builder
2018/03/15 20:39:27 ▶ Step 1 - Building builder from context '/Users/kuoka-yusuke/go/src/github.com/cloud66/habitus/examples/network'
2018/03/15 20:39:27 ▶ Step 1 - Parsing and converting 'Dockerfile'
2018/03/15 20:39:27 ▶ Step 1 - Writing the new Dockerfile into '/Users/kuoka-yusuke/go/src/github.com/cloud66/habitus/examples/network/Dockerfile.generated'
2018/03/15 20:39:27 ▶ Step 1 - Building the builder image from /Users/kuoka-yusuke/go/src/github.com/cloud66/habitus/examples/network/Dockerfile.generated
Step 1/7 : FROM ubuntu
 ---> f975c5035748
Step 2/7 : RUN apt-get update && apt-get install -y wget
 ---> Using cache
 ---> 07821c8ff8f6
Step 3/7 : ARG host
 ---> Using cache
 ---> 3fab8034e46a
Step 4/7 : ARG port
 ---> Using cache
 ---> 004ee59f9a02
Step 5/7 : ENV ASSET /asset
 ---> Using cache
 ---> 20e3d5b78f2d
Step 6/7 : RUN wget -q -O $ASSET http://$host:$port/
 ---> Running in ad7137afc4cb
 ---> f94330eacbcd
Removing intermediate container ad7137afc4cb
Step 7/7 : RUN cat $ASSET
 ---> Running in c7cd838be46d
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
 ---> ecd4a27d7b4d
Removing intermediate container c7cd838be46d
Successfully built ecd4a27d7b4d
Successfully tagged builder:latest
```
Collaborator

mumoshu commented Mar 15, 2018

I have submitted #94 to address this.
