Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/options.go | 15 | ||||
-rw-r--r-- | libpod/runtime.go | 15 |
2 files changed, 30 insertions, 0 deletions
diff --git a/libpod/options.go b/libpod/options.go index 8a12c61e4..1fe472ccc 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -250,6 +250,21 @@ func WithNoPivotRoot(noPivot bool) RuntimeOption { } } +// WithCNIDirs sets the CNI configuration and network plugin directories used by +// the CNI network plugins +func WithCNIDirs(cniConfigDir, cniPluginDir string) RuntimeOption { + return func(rt *Runtime) error { + if rt.valid { + return ErrRuntimeFinalized + } + + rt.config.CNIConfigDir = cniConfigDir + rt.config.CNIPluginDir = cniPluginDir + + return nil + } +} + // Container Creation Options // WithShmDir sets the directory that should be mounted on /dev/shm diff --git a/libpod/runtime.go b/libpod/runtime.go index b25d5f78c..9712b6dd3 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -8,6 +8,7 @@ import ( is "github.com/containers/image/storage" "github.com/containers/image/types" "github.com/containers/storage" + "github.com/cri-o/ocicni/pkg/ocicni" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/ulule/deepcopier" @@ -26,6 +27,7 @@ type Runtime struct { imageContext *types.SystemContext ociRuntime *OCIRuntime lockDir string + netPlugin ocicni.CNIPlugin valid bool lock sync.RWMutex } @@ -48,6 +50,8 @@ type RuntimeConfig struct { PidsLimit int64 MaxLogSize int64 NoPivotRoot bool + CNIConfigDir string + CNIPluginDir string } var ( @@ -68,6 +72,8 @@ var ( PidsLimit: 1024, MaxLogSize: -1, NoPivotRoot: false, + CNIConfigDir: "/etc/cni/net.d/", + CNIPluginDir: "/opt/cni/bin/", } ) 
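Review bot: WithCNIDirs in libpod/options.go stores both arguments unchecked, so an empty string or a relative path silently replaces the default and presumably only surfaces later, when the runtime initialises CNI. Since cniPluginDir names the directory that CNI plugin executables are looked up in, I would reject empty values before the assignments with `if cniConfigDir == "" || cniPluginDir == "" {` returning an invalid-argument error. A `filepath.IsAbs` check on both would also stop the lookup from depending on the working directory. The doc comment could say which argument is which, e.g. `// cniConfigDir holds the network configuration files, cniPluginDir the plugin binaries.`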
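Review bot: The two fields added to RuntimeConfig in the `@@ -48,6 +50,8 @@` hunk of libpod/runtime.go carry no comments, and the names alone do not show that one directory is read as data while the other supplies executables. I would add `// CNIConfigDir is the directory CNI network configuration files are read from` and `// CNIPluginDir is the directory CNI plugin binaries are run from; it should not be writable by unprivileged users`. The same distinction applies to the defaults added in the `@@ -68,6 +72,8 @@` hunk. The struct and the defaults block both begin and end outside their hunks.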
@@ -157,6 +163,15 @@ func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) { } } + // Set up the CNI net plugin + netPlugin, err := ocicni.InitCNI(runtime.config.CNIConfigDir, runtime.config.CNIPluginDir) + if err != nil { + return nil, errors.Wrapf(err, "error configuring CNI network plugin") + } + runtime.netPlugin = netPlugin + + // TODO: iptables/firewalld integration to ensure rules are in place for forwarding + // Set up the state if runtime.config.InMemoryState { state, err := NewInMemoryState() |
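Review bot: The error wrapped after `ocicni.InitCNI` does not name the directories that were used, and they can now be overridden through WithCNIDirs, so a failure here gives no hint whether the defaults or caller-supplied paths were in effect. I would include them: `return nil, errors.Wrapf(err, "error configuring CNI network plugin (config dir %q, plugin dir %q)", runtime.config.CNIConfigDir, runtime.config.CNIPluginDir)`. The call is also unconditional, so if InitCNI fails on a host without CNI configuration (not visible from this hunk), NewRuntime fails even for callers that never touch networking; worth confirming that is intended. NewRuntime starts and continues outside the hunk, so whether anything set up earlier needs releasing on this return path cannot be judged from here.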