
Docker: Use hostname instead of IP addresses

Open shred opened this issue 1 year ago • 5 comments

Is it possible to use hostnames as parameters, instead of IP addresses?

Currently, the docker-compose file uses a subnet and fixed IP addresses. I cannot set up a docker network in my integration tests though (long story), so I have to do ugly workarounds.

With hostnames instead of IPs, this would be possible (if I'm not mistaken):

version: "3"
services:
  pebble:
    image: ghcr.io/letsencrypt/pebble:latest
    command: -config test/config/pebble-config.json -strict -dnsserver challtestsrv:8053
    ports:
      - 14000:14000
      - 15000:15000
  challtestsrv:
    image: ghcr.io/letsencrypt/pebble-challtestsrv:latest
    command: -defaultIPv6 "" -defaultIPv4 challtestsrv
    ports:
      - 8055:8055

shred avatar Mar 22 '24 12:03 shred

Would you mind explaining some of the long story please? I'm curious about it.

On Fri, Mar 22, 2024, 8:35 AM Richard Körber @.***> wrote:

Is it possible to use hostnames as parameters, instead of IP addresses?

Currently, the docker-compose file uses a subnet and fixed IP addresses. I cannot set up a docker network in my integration tests though (long story), so I have to do ugly workarounds.

With hostnames instead of IPs, this would be possible (if I'm not mistaken):

version: "3"
services:
  pebble:
    image: ghcr.io/letsencrypt/pebble:latest
    command: -config test/config/pebble-config.json -strict -dnsserver challtestsrv:8053
    ports:
      - 14000:14000
      - 15000:15000
  challtestsrv:
    image: ghcr.io/letsencrypt/pebble-challtestsrv:latest
    command: -defaultIPv6 "" -defaultIPv4 challtestsrv
    ports:
      - 8055:8055

View it on GitHub: https://github.com/letsencrypt/pebble/issues/453

pgporada avatar Mar 22 '24 13:03 pgporada

OK, let's make a short story long. :wink: I'm running integration tests in Java, and I'm starting the docker containers from the build script.

I have used a construct like this, where getent hosts resolved the IP from /etc/hosts:

  <arg>sh</arg>
  <arg>-c</arg>
  <arg>pebble -strict -dnsserver $(getent hosts challtestsrv|cut -d' ' -f1):8053 -config /test/config/pebble-config.json</arg>

Unfortunately it won't work anymore, because the new pebble and challtestsrv images are based on the scratch image, so there are no commands like getent, or even cut.

Then I tried to set up a network with fixed IP addresses, like in Pebble's docker-compose.yml. But the docker extension of my build tool is unable to set up networks, neither in the build script nor by using docker compose. I would have to set up the network manually before running the integration tests.

My current solution is to build fresh docker images based on alpine, and "steal" the relevant application files from the new pebble and challtestsrv docker images. Now I can do my getent hosts challtestsrv trick again. (Well, it works, but it won't win a beauty pageant.)

In my example above, it would be unnecessary to set up a subnet with fixed IP addresses, and I also wouldn't need the getent trick.

shred avatar Mar 22 '24 14:03 shred

We should be able to support hostnames instead of hardcoded IPs, and I think that makes sense to do. I'll take a bit of a run at it.

mcpherrinm avatar May 15 '24 22:05 mcpherrinm

Duplicate of #418?

mitar avatar May 16 '24 21:05 mitar

There is a PR with the fix: https://github.com/letsencrypt/challtestsrv/pull/20

mitar avatar May 16 '24 21:05 mitar

Thanks @mitar, I didn't notice that PR (sorry, I wasn't watching the challtestsrv GitHub repo). Yes, I do think that's a duplicate, and we can use your work there.

mcpherrinm avatar May 23 '24 16:05 mcpherrinm

On Pebble's side, the -dnsserver option already seems to accept hostnames. So @mitar's PR would resolve this issue.

I'm closing it as a duplicate. Thank you!

shred avatar May 23 '24 17:05 shred