docker: generate /etc/hosts file for bridge network mode

[tgross]

Fixes #8900 and #7746. This is heavily based on @nickethier's earlier work on /etc/resolv.conf

When network.mode = "bridge", we create a pause container in Docker with no
networking so that we have a process to hold the network namespace we create
in Nomad. The default /etc/hosts file of that pause container is then used
for all the Docker tasks that share that network namespace. Some applications
rely on this file being populated.

This changeset generates a /etc/hosts file and bind-mounts it to the
container when Nomad owns the network, so that the container's hostname has an
IP in the file as expected. The hosts file will include the entries added by
the Docker driver's extra_hosts field.

In this changeset, only the Docker task driver will take advantage of this
option, as the exec/java drivers currently copy the host's /etc/hosts
file and this can't be changed without breaking backwards compatibility. But
the fields are available in the task driver protobuf for community task
drivers to use if they'd like.

---

With this changeset, and the following job:

jobspec

job "example" {
  datacenters = ["dc1"]

  group "web" {

    network {
      mode = "bridge"
      port "www" {
        to = 8001
      }
    }

    task "httpd" {
      driver = "docker"

      config {
        image       = "busybox:1"
        command     = "httpd"
        args        = ["-v", "-f", "-p", "8001", "-h", "/local"]
        extra_hosts = ["wintermute:192.168.1.246"]
        ports       = ["www"]
      }

      template {
        data        = "<html>hello, world</html>"
        destination = "local/index.html"
      }

      resources {
        cpu    = 128
        memory = 128
      }
    }
  }
}

Results:

$ docker ps
CONTAINER ID   IMAGE                                      COMMAND                  CREATED         STATUS         PORTS     NAMES
34c0b3a0909c   busybox:1                                  "httpd -v -f -p 8001…"   7 seconds ago   Up 6 seconds             httpd-43714360-04ad-ff9c-d8b4-29d5c7961967
567fb409bebe   gcr.io/google_containers/pause-amd64:3.1   "/pause"                 8 seconds ago   Up 6 seconds             nomad_init_43714360-04ad-ff9c-d8b4-29d5c7961967

$ docker exec -it 34c hostname -f
567fb409bebe

$ docker exec -it 34c cat /etc/hosts
# this file was generated by Nomad
127.0.0.1 localhost
::1 localhost
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

# this entry is the IP address and hostname of the allocation
# shared with tasks in the task group's network
172.26.64.185 567fb409bebe

# these entries are extra hosts added by the task config
192.168.1.246 wintermute

I've tested this out in non-bridge networking modes and we're correctly leaving everything untouched as expected.

[notnoop]

Did a quick read and the approach seems good. A couple of minor comments you can consider, and plan to do another round of review later today.

[shoenig]

LGTM; I like the thought of doing the same to exec/java in #10768 in the next feature release

[notnoop]

LGTM. Great - thanks!

[github-actions]

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.