diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-04-21 19:34:47 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-04-21 19:34:47 +0200 |
| commit | ee6bf7e9af5c6a25177a652f6a455ebb7438186d (patch) | |
| tree | 0cf368bb8611dd9502c3f68366f77cac92004061 /src | |
| parent | fae397c69391295dbca272d6e58f95f81b95737d (diff) | |
| download | vyos-1x-ee6bf7e9af5c6a25177a652f6a455ebb7438186d.tar.gz vyos-1x-ee6bf7e9af5c6a25177a652f6a455ebb7438186d.zip | |
containers: T2216: the first IP address is always reserved for podman
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/containers.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/conf_mode/containers.py b/src/conf_mode/containers.py index ded82d155..9b7a52d26 100755 --- a/src/conf_mode/containers.py +++ b/src/conf_mode/containers.py @@ -113,17 +113,21 @@ def verify(container): raise ConfigError(f'Can not use "address" without "network" for container "{name}"!') address = container_config['network'][network_name]['address'] - network = container['network'][network_name]['prefix'] - network = None if is_ipv4(address): network = [x for x in container['network'][network_name]['prefix'] if is_ipv4(x)][0] elif is_ipv6(address): network = [x for x in container['network'][network_name]['prefix'] if is_ipv6(x)][0] + # Specified container IP address must belong to network prefix if ip_address(address) not in ip_network(network): raise ConfigError(f'Used container address "{address}" not in network "{network}"!') + # We can not use the first IP address of a network prefix as this is used by podman + if ip_address(address) == ip_network(network)[1]: + raise ConfigError(f'Address "{address}" reserved for the container engine!') + + # Container image is a mandatory option if 'image' not in container_config: raise ConfigError(f'Container image for "{name}" is mandatory!') |