From d4bea54dfee2856f32f20876db234e778bf91e14 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg
Date: Mon, 14 Sep 2020 10:19:07 +0200
Subject: move `rootless-cni-infra` image to quay.io

Move the `rootless-cni-infra` image to `quay.io/libpod/rootless-cni-image:$tag` where $tag has the format `$version-$architecture`. Whenever we upload a new image (e.g., after changing the Containerfile), we need to make sure to increase the version number (an ordinary integer for simplicity) so we have a notion of support.
Thanks to @AkihiroSuda for working on rootless CNI!
Fixes: #7617
Signed-off-by: Valentin Rothberg
---
 contrib/rootless-cni-infra/Containerfile | 2 ++
 contrib/rootless-cni-infra/README.md | 2 ++
 contrib/rootless-cni-infra/rootless-cni-infra | 3 +--
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/contrib/rootless-cni-infra/Containerfile b/contrib/rootless-cni-infra/Containerfile
index c5d812a6e..5be30ccc9 100644
--- a/contrib/rootless-cni-infra/Containerfile
+++ b/contrib/rootless-cni-infra/Containerfile
@@ -33,3 +33,5 @@ COPY --from=dnsname /dnsname /opt/cni/bin
 COPY rootless-cni-infra /usr/local/bin
 ENV CNI_PATH=/opt/cni/bin
 CMD ["sleep", "infinity"]
+
+ENV ROOTLESS_CNI_INFRA_VERSION=1
diff --git a/contrib/rootless-cni-infra/README.md b/contrib/rootless-cni-infra/README.md
index 937e057fb..5aa13374b 100644
--- a/contrib/rootless-cni-infra/README.md
+++ b/contrib/rootless-cni-infra/README.md
@@ -16,6 +16,8 @@ Podman then allocates a CNI netns in the infra container, by executing an equiva
 The allocated netns is deallocated when the container is being removed, by executing an equivalent of: `podman exec rootless-cni-infra rootless-cni-infra dealloc $CONTAINER_ID $NETWORK_NAME`. +The container images live on `quay.io/libpod/rootless-cni-infra`. The tags have the format `$version-$architecture`. Please make sure to increase the version number in the Containerfile (i.e., `ROOTLESS_CNI_INFRA_VERSION`) when applying changes to this directory. After committing the changes, upload the image(s) with the corresponding tag. + ## Directory layout * `/run/rootless-cni-infra/${CONTAINER_ID}/pid`: PID of the `sleep infinity` process that corresponds to the allocated netns
diff --git a/contrib/rootless-cni-infra/rootless-cni-infra b/contrib/rootless-cni-infra/rootless-cni-infra
index 5a574d2eb..f6622b23c 100755
--- a/contrib/rootless-cni-infra/rootless-cni-infra
+++ b/contrib/rootless-cni-infra/rootless-cni-infra
@@ -2,7 +2,6 @@ set -eu ARG0="$0" -VERSION="0.1.0" BASE="/run/rootless-cni-infra" # CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME"
@@ -126,7 +125,7 @@ cmd_entrypoint_help() {
 # CLI subcommand: "version"
 cmd_entrypoint_version() {
-	echo "{\"version\": \"${VERSION}\"}"
+	echo "{\"version\": \"${ROOTLESS_CNI_INFRA_VERSION}\"}"
 }
 # parse args
-- cgit v1.2.3-54-g00ecf
From 02f8acce2a8484e29469e47dbe2cd1ee88700092 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg
Date: Mon, 14 Sep 2020 13:12:47 +0200
Subject: libpod: rootless CNI image: use quay

Use the newly built image from quay.io. Also reference the image by digest.
Signed-off-by: Valentin Rothberg
---
 libpod/rootless_cni_linux.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/libpod/rootless_cni_linux.go b/libpod/rootless_cni_linux.go
index 76dbfdcae..0f3db1f38 100644
--- a/libpod/rootless_cni_linux.go
+++ b/libpod/rootless_cni_linux.go
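Review bot: With `set -eu` in force (visible in the first hunk header of this file), `"${ROOTLESS_CNI_INFRA_VERSION}"` in the new `cmd_entrypoint_version` body is an unbound-variable abort whenever the script runs outside the image, where the `ENV` from the Containerfile is absent; the removed `VERSION` constant could not fail that way. If aborting is intended, a comment above the echo makes it deliberate: `# ROOTLESS_CNI_INFRA_VERSION is set by ENV in the Containerfile; under set -u this subcommand aborts if it is missing.` Otherwise `echo "{\"version\": \"${ROOTLESS_CNI_INFRA_VERSION:-unknown}\"}"` keeps the old never-fails behaviour while still reporting the image version when present.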
@@ -22,10 +22,9 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
+// Built from ../contrib/rootless-cni-infra.
 var rootlessCNIInfraImage = map[string]string{
-	// Built from ../contrib/rootless-cni-infra
-	// TODO: move to Podman's official quay
-	"amd64": "ghcr.io/akihirosuda/podman-rootless-cni-infra:gd34868a13-amd64",
+	"amd64": "quay.io/libpod/rootless-cni-infra@sha256:8aa681c4c08dee3ec5d46ff592fddd0259a35626717006d6b77ee786b1d02967", // 1-amd64
 }
 
 const (
-- cgit v1.2.3-54-g00ecf
From 155d43631eb9ddadee6f2f277436e35c6ef58406 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg
Date: Mon, 14 Sep 2020 15:18:26 +0200
Subject: rootless CNI: extract env and cmd from image

Signed-off-by: Valentin Rothberg
---
 libpod/rootless_cni_linux.go | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/libpod/rootless_cni_linux.go b/libpod/rootless_cni_linux.go
index 0f3db1f38..31097dd16 100644
--- a/libpod/rootless_cni_linux.go
+++ b/libpod/rootless_cni_linux.go
@@ -13,6 +13,7 @@ import (
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/libpod/image"
+	"github.com/containers/podman/v2/pkg/env"
 	"github.com/containers/podman/v2/pkg/util"
 	"github.com/containers/storage/pkg/lockfile"
 	"github.com/hashicorp/go-multierror"
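Review bot: The new doc comment on `rootlessCNIInfraImage` does not say why the reference is pinned by digest rather than by the `$version-$architecture` tag the README describes, and the trailing `// 1-amd64` is the only record of which tag the digest was published under. Since this map decides what runs inside the infra container for every rootless CNI user, the pinning rationale belongs in the comment so nobody "simplifies" it back to a tag: `// Built from ../contrib/rootless-cni-infra. Pinned by digest so that a moved or re-pushed tag cannot change what rootless CNI runs; the trailing comment on each entry records the quay tag ($version-$architecture) the digest was published under, and must be updated together with the digest.`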
@@ -257,9 +258,23 @@ func startRootlessCNIInfraContainer(ctx context.Context, r *Runtime) (*Container
 		Options: []string{"ro"},
 	}
 	g.AddMount(etcCNINetD)
-	// FIXME: how to propagate ProcessArgs and Envs from Dockerfile?
-	g.SetProcessArgs([]string{"sleep", "infinity"})
-	g.AddProcessEnv("CNI_PATH", "/opt/cni/bin")
+
+	inspectData, err := newImage.Inspect(ctx)
+	if err != nil {
+		return nil, err
+	}
+	imageEnv, err := env.ParseSlice(inspectData.Config.Env)
+	if err != nil {
+		return nil, err
+	}
+	for k, v := range imageEnv {
+		g.AddProcessEnv(k, v)
+	}
+	if len(inspectData.Config.Cmd) == 0 {
+		return nil, errors.Errorf("rootless CNI infra image %q has no command specified", imageName)
+	}
+	g.SetProcessArgs(inspectData.Config.Cmd)
+
 	var options []CtrCreateOption
 	options = append(options, WithRootFSFromImage(newImage.ID(), imageName, imageName))
 	options = append(options, WithCtrNamespace(rootlessCNIInfraContainerNamespace))
-- cgit v1.2.3-54-g00ecf
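Review bot: `inspectData.Config.Env` and `inspectData.Config.Cmd` are dereferenced without checking that `inspectData.Config` is populated; if `Inspect` can hand back inspect data whose `Config` is a nil pointer (which appears to be how the inspect type is declared, worth confirming), a malformed image makes `startRootlessCNIInfraContainer` panic instead of returning an error the way the `len(inspectData.Config.Cmd) == 0` branch does. A guard before the `env.ParseSlice` call, `if inspectData.Config == nil { return nil, errors.Errorf("rootless CNI infra image %q has no config", imageName) }`, keeps the failure mode consistent. The block also wants a why-comment, since it replaces fixed values with ones taken from the image: `// Take env and command from the image so the Containerfile is the single source of truth; this is only as trustworthy as the digest-pinned reference in rootlessCNIInfraImage.` The enclosing function starts and ends outside the hunk.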