summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Holzinger <paul.holzinger@web.de>2020-11-24 14:56:35 +0100
committerPaul Holzinger <paul.holzinger@web.de>2021-01-27 17:35:54 +0100
commitc717b3cacad00ec8ea5415a2246994ac3adf7ae0 (patch)
tree5c033b783255244f69db20a208cb25e8dbd94cb5
parent2ff4da9b59df27584e436ff59a9d12b2c5e5e410 (diff)
downloadpodman-c717b3cacad00ec8ea5415a2246994ac3adf7ae0.tar.gz
podman-c717b3cacad00ec8ea5415a2246994ac3adf7ae0.tar.bz2
podman-c717b3cacad00ec8ea5415a2246994ac3adf7ae0.zip
Allow static ip and mac with rootless cni network
Make sure we pass the ip and mac address as CNI_ARGS to the cnitool which is executed in the rootless-cni-infra container. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
-rw-r--r--contrib/rootless-cni-infra/Containerfile2
-rwxr-xr-xcontrib/rootless-cni-infra/rootless-cni-infra14
-rw-r--r--libpod/rootless_cni_linux.go19
-rw-r--r--pkg/specgen/container_validate.go2
-rw-r--r--pkg/specgen/pod_validate.go2
-rw-r--r--test/e2e/create_staticip_test.go6
-rw-r--r--test/e2e/create_staticmac_test.go8
-rw-r--r--test/e2e/create_test.go4
-rw-r--r--test/e2e/pod_create_test.go4
-rw-r--r--test/e2e/pod_inspect_test.go2
-rw-r--r--test/e2e/run_networking_test.go6
-rw-r--r--test/e2e/run_staticip_test.go2
12 files changed, 39 insertions, 32 deletions
diff --git a/contrib/rootless-cni-infra/Containerfile b/contrib/rootless-cni-infra/Containerfile
index 871e06a6c..579d192b9 100644
--- a/contrib/rootless-cni-infra/Containerfile
+++ b/contrib/rootless-cni-infra/Containerfile
@@ -33,4 +33,4 @@ COPY rootless-cni-infra /usr/local/bin
ENV CNI_PATH=/opt/cni/bin
CMD ["sleep", "infinity"]
-ENV ROOTLESS_CNI_INFRA_VERSION=3
+ENV ROOTLESS_CNI_INFRA_VERSION=4
diff --git a/contrib/rootless-cni-infra/rootless-cni-infra b/contrib/rootless-cni-infra/rootless-cni-infra
index 463254c7f..bafa18144 100755
--- a/contrib/rootless-cni-infra/rootless-cni-infra
+++ b/contrib/rootless-cni-infra/rootless-cni-infra
@@ -21,16 +21,18 @@ wait_unshare_net() {
done
}
-# CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME"
+# CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME $IP $MAC"
cmd_entrypoint_alloc() {
- if [ "$#" -ne 3 ]; then
- echo >&2 "Usage: $ARG0 alloc CONTAINER_ID NETWORK_NAME POD_NAME"
+ if [ "$#" -ne 5 ]; then
+ echo >&2 "Usage: $ARG0 alloc CONTAINER_ID NETWORK_NAME POD_NAME IP MAC"
exit 1
fi
ID="$1"
NET="$2"
K8S_POD_NAME="$3"
+ IP="$4"
+ MAC="$5"
dir="${BASE}/${ID}"
mkdir -p "${dir}/attached" "${dir}/attached-args"
@@ -46,6 +48,12 @@ cmd_entrypoint_alloc() {
nsenter -t "${pid}" -n ip link set lo up
fi
CNI_ARGS="IgnoreUnknown=1;K8S_POD_NAME=${K8S_POD_NAME}"
+ if [ "$IP" ]; then
+ CNI_ARGS="$CNI_ARGS;IP=${IP}"
+ fi
+ if [ "$MAC" ]; then
+ CNI_ARGS="$CNI_ARGS;MAC=${MAC}"
+ fi
nwcount=$(find "${dir}/attached" -type f | wc -l)
CNI_IFNAME="eth${nwcount}"
export CNI_ARGS CNI_IFNAME
diff --git a/libpod/rootless_cni_linux.go b/libpod/rootless_cni_linux.go
index 9a980750f..9cfadc1f1 100644
--- a/libpod/rootless_cni_linux.go
+++ b/libpod/rootless_cni_linux.go
@@ -25,7 +25,7 @@ import (
// Built from ../contrib/rootless-cni-infra.
var rootlessCNIInfraImage = map[string]string{
- "amd64": "quay.io/libpod/rootless-cni-infra@sha256:304742d5d221211df4ec672807a5842ff11e3729c50bc424ea0cea858f69d7b7", // 3-amd64
+ "amd64": "quay.io/luap99/rootless-cni-infra@sha256:4e9f1e223463a46d9f9b019c0fa8c902494ed34872f75104d985b23812f19683", // 4-amd64
}
const (
@@ -58,9 +58,18 @@ func AllocRootlessCNI(ctx context.Context, c *Container) (ns.NetNS, []*cnitypes.
return nil, nil, err
}
k8sPodName := getCNIPodName(c) // passed to CNI as K8S_POD_NAME
+ ip := ""
+ if c.config.StaticIP != nil {
+ ip = c.config.StaticIP.String()
+ }
+ mac := ""
+ if c.config.StaticMAC != nil {
+ mac = c.config.StaticMAC.String()
+ }
+
cniResults := make([]*cnitypes.Result, len(networks))
for i, nw := range networks {
- cniRes, err := rootlessCNIInfraCallAlloc(infra, c.ID(), nw, k8sPodName)
+ cniRes, err := rootlessCNIInfraCallAlloc(infra, c.ID(), nw, k8sPodName, ip, mac)
if err != nil {
return nil, nil, err
}
@@ -137,11 +146,11 @@ func getCNIPodName(c *Container) string {
return c.Name()
}
-func rootlessCNIInfraCallAlloc(infra *Container, id, nw, k8sPodName string) (*cnitypes.Result, error) {
- logrus.Debugf("rootless CNI: alloc %q, %q, %q", id, nw, k8sPodName)
+func rootlessCNIInfraCallAlloc(infra *Container, id, nw, k8sPodName, ip, mac string) (*cnitypes.Result, error) {
+ logrus.Debugf("rootless CNI: alloc %q, %q, %q, %q, %q", id, nw, k8sPodName, ip, mac)
var err error
- _, err = rootlessCNIInfraExec(infra, "alloc", id, nw, k8sPodName)
+ _, err = rootlessCNIInfraExec(infra, "alloc", id, nw, k8sPodName, ip, mac)
if err != nil {
return nil, err
}
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index a0d36f865..81cb8b78d 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -30,7 +30,7 @@ func exclusiveOptions(opt1, opt2 string) error {
// input for creating a container.
func (s *SpecGenerator) Validate() error {
- if rootless.IsRootless() {
+ if rootless.IsRootless() && len(s.CNINetworks) == 0 {
if s.StaticIP != nil || s.StaticIPv6 != nil {
return ErrNoStaticIPRootless
}
diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go
index 7c81f3f9f..518adb32f 100644
--- a/pkg/specgen/pod_validate.go
+++ b/pkg/specgen/pod_validate.go
@@ -20,7 +20,7 @@ func exclusivePodOptions(opt1, opt2 string) error {
// Validate verifies the input is valid
func (p *PodSpecGenerator) Validate() error {
- if rootless.IsRootless() {
+ if rootless.IsRootless() && len(p.CNINetworks) == 0 {
if p.StaticIP != nil {
return ErrNoStaticIPRootless
}
diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go
index 7a2267617..698bbf976 100644
--- a/test/e2e/create_staticip_test.go
+++ b/test/e2e/create_staticip_test.go
@@ -49,7 +49,7 @@ var _ = Describe("Podman create with --ip flag", func() {
})
It("Podman create --ip with non-allocatable IP", func() {
- SkipIfRootless("--ip is not supported in rootless mode")
+ SkipIfRootless("--ip not supported without network in rootless mode")
result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "203.0.113.124", ALPINE, "ls"})
result.WaitWithDefaultTimeout()
Expect(result.ExitCode()).To(Equal(0))
@@ -63,7 +63,7 @@ var _ = Describe("Podman create with --ip flag", func() {
ip := GetRandomIPAddress()
result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", ip, ALPINE, "ip", "addr"})
result.WaitWithDefaultTimeout()
- // Rootless static ip assignment should error
+ // Rootless static ip assignment without network should error
if rootless.IsRootless() {
Expect(result.ExitCode()).To(Equal(125))
} else {
@@ -81,7 +81,7 @@ var _ = Describe("Podman create with --ip flag", func() {
})
It("Podman create two containers with the same IP", func() {
- SkipIfRootless("--ip not supported in rootless mode")
+ SkipIfRootless("--ip not supported without network in rootless mode")
ip := GetRandomIPAddress()
result := podmanTest.Podman([]string{"create", "--name", "test1", "--ip", ip, ALPINE, "sleep", "999"})
result.WaitWithDefaultTimeout()
diff --git a/test/e2e/create_staticmac_test.go b/test/e2e/create_staticmac_test.go
index 1ac431da2..4c8f371a4 100644
--- a/test/e2e/create_staticmac_test.go
+++ b/test/e2e/create_staticmac_test.go
@@ -56,11 +56,7 @@ var _ = Describe("Podman run with --mac-address flag", func() {
result := podmanTest.Podman([]string{"run", "--network", net, "--mac-address", "92:d0:c6:00:29:34", ALPINE, "ip", "addr"})
result.WaitWithDefaultTimeout()
- if rootless.IsRootless() {
- Expect(result.ExitCode()).To(Equal(125))
- } else {
- Expect(result.ExitCode()).To(Equal(0))
- Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:00:29:34"))
- }
+ Expect(result.ExitCode()).To(Equal(0))
+ Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:00:29:34"))
})
})
diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go
index 73d92e5a0..67c08ac09 100644
--- a/test/e2e/create_test.go
+++ b/test/e2e/create_test.go
@@ -553,7 +553,7 @@ var _ = Describe("Podman create", func() {
})
It("create container in pod with IP should fail", func() {
- SkipIfRootless("Setting IP not supported in rootless mode")
+ SkipIfRootless("Setting IP not supported in rootless mode without network")
name := "createwithstaticip"
pod := podmanTest.RunTopContainerInPod("", "new:"+name)
pod.WaitWithDefaultTimeout()
@@ -565,7 +565,7 @@ var _ = Describe("Podman create", func() {
})
It("create container in pod with mac should fail", func() {
- SkipIfRootless("Setting MAC Address not supported in rootless mode")
+ SkipIfRootless("Setting MAC Address not supported in rootless mode without network")
name := "createwithstaticmac"
pod := podmanTest.RunTopContainerInPod("", "new:"+name)
pod.WaitWithDefaultTimeout()
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index be0a2f6f0..9c448a81e 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -233,7 +233,7 @@ var _ = Describe("Podman pod create", func() {
ip := GetRandomIPAddress()
podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name})
podCreate.WaitWithDefaultTimeout()
- // Rootless should error
+ // Rootless should error without network
if rootless.IsRootless() {
Expect(podCreate.ExitCode()).To(Equal(125))
} else {
@@ -246,7 +246,7 @@ var _ = Describe("Podman pod create", func() {
})
It("podman container in pod with IP address shares IP address", func() {
- SkipIfRootless("Rootless does not support --ip")
+ SkipIfRootless("Rootless does not support --ip without network")
podName := "test"
ctrName := "testCtr"
ip := GetRandomIPAddress()
diff --git a/test/e2e/pod_inspect_test.go b/test/e2e/pod_inspect_test.go
index 25212991d..fd9589afe 100644
--- a/test/e2e/pod_inspect_test.go
+++ b/test/e2e/pod_inspect_test.go
@@ -101,7 +101,7 @@ var _ = Describe("Podman pod inspect", func() {
})
It("podman pod inspect outputs show correct MAC", func() {
- SkipIfRootless("--mac-address is not supported in rootless mode")
+ SkipIfRootless("--mac-address is not supported in rootless mode without network")
podName := "testPod"
macAddr := "42:43:44:00:00:01"
create := podmanTest.Podman([]string{"pod", "create", "--name", podName, "--mac-address", macAddr})
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index cbaae7186..ebea2132a 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -621,7 +621,6 @@ var _ = Describe("Podman run networking", func() {
})
It("podman run in custom CNI network with --static-ip", func() {
- SkipIfRootless("Rootless mode does not support --ip")
netName := stringid.GenerateNonCryptoID()
ipAddr := "10.25.30.128"
create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName})
@@ -633,10 +632,6 @@ var _ = Describe("Podman run networking", func() {
run.WaitWithDefaultTimeout()
Expect(run.ExitCode()).To(BeZero())
Expect(run.OutputToString()).To(ContainSubstring(ipAddr))
-
- create = podmanTest.Podman([]string{"network", "rm", netName})
- create.WaitWithDefaultTimeout()
- Expect(create.ExitCode()).To(BeZero())
})
It("podman rootless fails custom CNI network with --uidmap", func() {
@@ -658,7 +653,6 @@ var _ = Describe("Podman run networking", func() {
})
It("podman run with new:pod and static-ip", func() {
- SkipIfRootless("Rootless does not support --ip")
netName := stringid.GenerateNonCryptoID()
ipAddr := "10.25.40.128"
podname := "testpod"
diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go
index 8383b1812..aeb462ae9 100644
--- a/test/e2e/run_staticip_test.go
+++ b/test/e2e/run_staticip_test.go
@@ -19,7 +19,7 @@ var _ = Describe("Podman run with --ip flag", func() {
)
BeforeEach(func() {
- SkipIfRootless("rootless does not support --ip")
+ SkipIfRootless("rootless does not support --ip without network")
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)