From 7f531263e6e41195278f205ad01274487cc1c1e0 Mon Sep 17 00:00:00 2001 From: baude Date: Wed, 20 Dec 2017 15:13:52 -0600 Subject: Add default CNI configuration podman needs a pair of configuration files to set up its default network configuration: a bridge and loopback file. Signed-off-by: baude Closes: #161 Approved by: baude --- .papr.sh | 2 +- Dockerfile | 17 ----------- Makefile | 8 ++++-- cni/97-podman-bridge.conf | 15 ++++++++++ cni/98-podman-loopback.conf | 4 +++ contrib/cni/10-crio-bridge.conf | 15 ---------- contrib/cni/99-loopback.conf | 4 --- contrib/cni/README.md | 16 ----------- test/helpers.bash | 62 +++++------------------------------------ test/podman_attach.bats | 1 - test/podman_commit.bats | 1 - test/podman_create.bats | 1 - test/podman_diff.bats | 1 - test/podman_exec.bats | 1 - test/podman_export.bats | 1 - test/podman_history.bats | 1 - test/podman_images.bats | 4 --- test/podman_import.bats | 1 - test/podman_inspect.bats | 1 - test/podman_kill.bats | 1 - test/podman_load.bats | 1 - test/podman_logs.bats | 1 - test/podman_mount.bats | 1 - test/podman_pause.bats | 1 - test/podman_ps.bats | 1 - test/podman_push.bats | 1 - test/podman_rm.bats | 1 - test/podman_run.bats | 1 - test/podman_run_device.bats | 1 - test/podman_run_ns.bats | 1 - test/podman_save.bats | 1 - test/podman_start.bats | 1 - test/podman_stats.bats | 1 - test/podman_stop.bats | 1 - test/podman_top.bats | 1 - test/podman_wait.bats | 1 - 36 files changed, 33 insertions(+), 140 deletions(-) create mode 100644 cni/97-podman-bridge.conf create mode 100644 cni/98-podman-loopback.conf delete mode 100644 contrib/cni/10-crio-bridge.conf delete mode 100644 contrib/cni/99-loopback.conf delete mode 100644 contrib/cni/README.md diff --git a/.papr.sh b/.papr.sh index 2e2b43f7a..e9ac72fe1 100755 --- a/.papr.sh +++ b/.papr.sh @@ -94,5 +94,5 @@ if [[ ${PACKAGER} != "yum" ]]; then fi make TAGS="${TAGS}" -make TAGS="${TAGS}" install PREFIX=/host/usr +make TAGS="${TAGS}" install PREFIX=/host/usr ETCDIR=/host/etc make TAGS="${TAGS}" test-binaries diff --git a/Dockerfile b/Dockerfile index a07832d32..6764bdf1a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -79,23 +79,6 @@ RUN set -x \ && cp bin/* /usr/libexec/cni \ && rm -rf "$GOPATH" -# Install custom CNI bridge test plugin -# XXX: this plugin is meant to be a replacement for the old "test_plugin_args.bash" -# we need this in testing because sandbox_run now gather IP address and the mock -# plugin wasn't able to properly setup the net ns. -# The bridge is based on the same commit as the one above. -#ENV CNI_COMMIT 6bfe036c38c8e1410f1acaa4b2ee16f1851472e4 -ENV CNI_TEST_BRANCH custom-bridge -RUN set -x \ - && export GOPATH="$(mktemp -d)" \ - && git clone https://github.com/runcom/plugins.git "$GOPATH/src/github.com/containernetworking/plugins" \ - && cd "$GOPATH/src/github.com/containernetworking/plugins" \ - && git checkout -q "$CNI_TEST_BRANCH" \ - && ./build.sh \ - && mkdir -p /opt/cni/bin \ - && cp bin/bridge /opt/cni/bin/bridge-custom \ - && rm -rf "$GOPATH" - # Install crictl ENV CRICTL_COMMIT 16e6fe4d7199c5689db4630a9330e6a8a12cecd1 RUN set -x \ diff --git a/Makefile b/Makefile index 2f6c50f74..0322ecf8d 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,7 @@ PREFIX ?= ${DESTDIR}/usr/local BINDIR ?= ${PREFIX}/bin LIBEXECDIR ?= ${PREFIX}/libexec MANDIR ?= ${PREFIX}/share/man -ETCDIR ?= ${DESTDIR}/etc +ETCDIR ?= /etc ETCDIR_LIBPOD ?= ${ETCDIR}/crio BUILDTAGS ?= seccomp $(shell hack/btrfs_tag.sh) $(shell hack/libdm_tag.sh) $(shell hack/btrfs_installed_tag.sh) $(shell hack/ostree_tag.sh) $(shell hack/selinux_tag.sh) @@ -135,7 +135,7 @@ docs/%.1: docs/%.1.md .gopathok docs: $(MANPAGES) -install: .gopathok install.bin install.man +install: .gopathok install.bin install.man install.cni install.bin: install ${SELINUXOPT} -D -m 755 bin/podman $(BINDIR)/podman @@ -153,6 +153,10 @@ install.completions: install ${SELINUXOPT} -d -m 755 ${BASHINSTALLDIR} install ${SELINUXOPT} -m 644 -D completions/bash/podman ${BASHINSTALLDIR} +install.cni: + install ${SELINUXOPT} -D -m 644 cni/98-podman-loopback.conf ${ETCDIR}/cni/net.d/98-podman-loopback.conf + install ${SELINUXOPT} -m 644 cni/97-podman-bridge.conf ${ETCDIR}/cni/net.d/97-podman-bridge.conf + uninstall: rm -f $(LIBEXECDIR)/crio/conmon for i in $(filter %.1,$(MANPAGES)); do \ diff --git a/cni/97-podman-bridge.conf b/cni/97-podman-bridge.conf new file mode 100644 index 000000000..27fc096c4 --- /dev/null +++ b/cni/97-podman-bridge.conf @@ -0,0 +1,15 @@ +{ + "cniVersion": "0.3.0", + "name": "podman", + "type": "bridge", + "bridge": "cni0", + "isGateway": true, + "ipMasq": true, + "ipam": { + "type": "host-local", + "subnet": "10.88.0.0/16", + "routes": [ + { "dst": "0.0.0.0/0" } + ] + } +} diff --git a/cni/98-podman-loopback.conf b/cni/98-podman-loopback.conf new file mode 100644 index 000000000..dd6630a85 --- /dev/null +++ b/cni/98-podman-loopback.conf @@ -0,0 +1,4 @@ +{ + "cniVersion": "0.2.0", + "type": "loopback" +} diff --git a/contrib/cni/10-crio-bridge.conf b/contrib/cni/10-crio-bridge.conf deleted file mode 100644 index 27f0ddfec..000000000 --- a/contrib/cni/10-crio-bridge.conf +++ /dev/null @@ -1,15 +0,0 @@ -{ - "cniVersion": "0.2.0", - "name": "crio-bridge", - "type": "bridge", - "bridge": "cni0", - "isGateway": true, - "ipMasq": true, - "ipam": { - "type": "host-local", - "subnet": "10.88.0.0/16", - "routes": [ - { "dst": "0.0.0.0/0" } - ] - } -} diff --git a/contrib/cni/99-loopback.conf b/contrib/cni/99-loopback.conf deleted file mode 100644 index dd6630a85..000000000 --- a/contrib/cni/99-loopback.conf +++ /dev/null @@ -1,4 +0,0 @@ -{ - "cniVersion": "0.2.0", - "type": "loopback" -} diff --git a/contrib/cni/README.md b/contrib/cni/README.md deleted file mode 100644 index 78e22fd36..000000000 --- a/contrib/cni/README.md +++ /dev/null @@ -1,16 +0,0 @@ -## `contrib/cni` ## - -There are a wide variety of different [CNI][cni] network configurations. This -directory just contains some example configurations that can be used as the -basis for your own configurations (distributions should package these files in -example directories). - -To use these configurations, place them in `/etc/cni/net.d` (or the directory -specified by `crio.network.network_dir` in your `crio.conf`). - -In addition, you need to install the [CNI plugins][cni] necessary into -`/opt/cni/bin` (or the directory specified by `crio.network.plugin_dir`). The -two plugins necessary for the example CNI configurations are `loopback` and -`bridge`. - -[cni]: https://github.com/containernetworking/plugins diff --git a/test/helpers.bash b/test/helpers.bash index 30f66f283..2ac203027 100644 --- a/test/helpers.bash +++ b/test/helpers.bash @@ -85,7 +85,7 @@ HOOKS_OPTS="--hooks-dir-path=$HOOKSDIR" MOUNT_PATH="$TESTDIR/secrets" mkdir ${MOUNT_PATH} MOUNT_FILE="${MOUNT_PATH}/test.txt" -touch ${MOUNT_FILE} +touch ${MOUNT_FILE}} echo "Testing secrets mounts!" > ${MOUNT_FILE} DEFAULT_MOUNTS_OPTS="--default-mounts=${MOUNT_PATH}:/container/path1" @@ -104,11 +104,16 @@ if [ -e /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then filelabel=$(awk -F'"' '/^file.*=.*/ {print $2}' /etc/selinux/${SELINUXTYPE}/contexts/lxc_contexts) chcon -R ${filelabel} $TESTDIR fi -LIBPOD_CNI_CONFIG="$TESTDIR/cni/net.d/" + +LIBPOD_CNI_CONFIG="$TESTDIR/etc/cni/net.d/" LIBPOD_CNI_PLUGIN=${LIBPOD_CNI_PLUGIN:-/opt/cni/bin/} POD_CIDR="10.88.0.0/16" POD_CIDR_MASK="10.88.*.*" +# Make sure the cni config dirs are created and populate them with the default configs +mkdir -p ${LIBPOD_CNI_CONFIG} +cp ${CRIO_ROOT}/cni/* ${LIBPOD_CNI_CONFIG} + PODMAN_OPTIONS="--root $TESTDIR/crio $STORAGE_OPTIONS --runroot $TESTDIR/crio-run --runtime ${RUNTIME_BINARY} --conmon ${CONMON_BINARY} --cni-config-dir ${LIBPOD_CNI_CONFIG}" cp "$CONMON_BINARY" "$TESTDIR/conmon" @@ -193,59 +198,6 @@ function is_apparmor_enabled() { echo 0 } -function prepare_network_conf() { - mkdir -p $LIBPOD_CNI_CONFIG - cat >$LIBPOD_CNI_CONFIG/10-crio.conf <<-EOF -{ - "cniVersion": "0.2.0", - "name": "crionet", - "type": "bridge", - "bridge": "cni0", - "isGateway": true, - "ipMasq": true, - "ipam": { - "type": "host-local", - "subnet": "10.20.40.0/24", - "routes": [ - { "dst": "0.0.0.0/0" } - ] - } -} -EOF - - cat >$LIBPOD_CNI_CONFIG/99-loopback.conf <<-EOF -{ - "cniVersion": "0.2.0", - "type": "loopback" -} -EOF - - echo 0 -} - -function prepare_plugin_test_args_network_conf() { - mkdir -p $LIBPOD_CNI_CONFIG - cat >$LIBPOD_CNI_CONFIG/10-plugin-test-args.conf <<-EOF -{ - "cniVersion": "0.2.0", - "name": "crionet_test_args", - "type": "bridge-custom", - "bridge": "cni0", - "isGateway": true, - "ipMasq": true, - "ipam": { - "type": "host-local", - "subnet": "10.20.40.0/24", - "routes": [ - { "dst": "0.0.0.0/0" } - ] - } -} -EOF - - echo 0 -} - function check_pod_cidr() { run crioctl ctr execsync --id $1 ip addr show dev eth0 scope global 2>&1 echo "$output" diff --git a/test/podman_attach.bats b/test/podman_attach.bats index 1d3451eeb..9baaf339c 100644 --- a/test/podman_attach.bats +++ b/test/podman_attach.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_commit.bats b/test/podman_commit.bats index 46eaf32a4..9257743e9 100644 --- a/test/podman_commit.bats +++ b/test/podman_commit.bats @@ -9,7 +9,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_create.bats b/test/podman_create.bats index a9f70cdfa..d7a9cd72e 100644 --- a/test/podman_create.bats +++ b/test/podman_create.bats @@ -3,7 +3,6 @@ load helpers function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_diff.bats b/test/podman_diff.bats index 942af8805..9ed088807 100644 --- a/test/podman_diff.bats +++ b/test/podman_diff.bats @@ -3,7 +3,6 @@ load helpers function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_exec.bats b/test/podman_exec.bats index 57f7217d8..76114aa0a 100644 --- a/test/podman_exec.bats +++ b/test/podman_exec.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_export.bats b/test/podman_export.bats index 2a620dc4a..3847ab14c 100644 --- a/test/podman_export.bats +++ b/test/podman_export.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_history.bats b/test/podman_history.bats index ea5aa8d31..2eeb1b5ac 100644 --- a/test/podman_history.bats +++ b/test/podman_history.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_images.bats b/test/podman_images.bats index f62508e80..b500f6b98 100644 --- a/test/podman_images.bats +++ b/test/podman_images.bats @@ -4,10 +4,6 @@ load helpers IMAGE="busybox" -function setup() { - prepare_network_conf -} - function teardown() { cleanup_test } diff --git a/test/podman_import.bats b/test/podman_import.bats index b665b789e..6303141c9 100644 --- a/test/podman_import.bats +++ b/test/podman_import.bats @@ -9,7 +9,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_inspect.bats b/test/podman_inspect.bats index 197cc4556..5c353aae8 100644 --- a/test/podman_inspect.bats +++ b/test/podman_inspect.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_kill.bats b/test/podman_kill.bats index 88837aa8d..449603905 100644 --- a/test/podman_kill.bats +++ b/test/podman_kill.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_load.bats b/test/podman_load.bats index 1219144e4..6fe8638b6 100644 --- a/test/podman_load.bats +++ b/test/podman_load.bats @@ -3,7 +3,6 @@ load helpers function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_logs.bats b/test/podman_logs.bats index 927f36bca..4c20654a7 100644 --- a/test/podman_logs.bats +++ b/test/podman_logs.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_mount.bats b/test/podman_mount.bats index 110cf0e93..bc6be1a19 100644 --- a/test/podman_mount.bats +++ b/test/podman_mount.bats @@ -9,7 +9,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_pause.bats b/test/podman_pause.bats index 1075fa05f..768ffa53a 100644 --- a/test/podman_pause.bats +++ b/test/podman_pause.bats @@ -3,7 +3,6 @@ load helpers function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_ps.bats b/test/podman_ps.bats index 3b904535c..b99c84304 100644 --- a/test/podman_ps.bats +++ b/test/podman_ps.bats @@ -4,7 +4,6 @@ load helpers IMAGE="redis:alpine" function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_push.bats b/test/podman_push.bats index cc9220bfd..82798b3fc 100644 --- a/test/podman_push.bats +++ b/test/podman_push.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_rm.bats b/test/podman_rm.bats index 8ef39435d..f6430711f 100644 --- a/test/podman_rm.bats +++ b/test/podman_rm.bats @@ -3,7 +3,6 @@ load helpers function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_run.bats b/test/podman_run.bats index 57ae0872e..46b136fee 100644 --- a/test/podman_run.bats +++ b/test/podman_run.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_run_device.bats b/test/podman_run_device.bats index 98d6833eb..b5a901ff9 100644 --- a/test/podman_run_device.bats +++ b/test/podman_run_device.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_run_ns.bats b/test/podman_run_ns.bats index 8d1bd4b54..0d6e645c0 100644 --- a/test/podman_run_ns.bats +++ b/test/podman_run_ns.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_save.bats b/test/podman_save.bats index 2e03a95cc..27e627b8f 100644 --- a/test/podman_save.bats +++ b/test/podman_save.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_start.bats b/test/podman_start.bats index 025316462..50cbf43dc 100644 --- a/test/podman_start.bats +++ b/test/podman_start.bats @@ -3,7 +3,6 @@ load helpers function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_stats.bats b/test/podman_stats.bats index f9981227a..91ef62f6b 100644 --- a/test/podman_stats.bats +++ b/test/podman_stats.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_stop.bats b/test/podman_stop.bats index 06b001fed..b505d8827 100644 --- a/test/podman_stop.bats +++ b/test/podman_stop.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_top.bats b/test/podman_top.bats index 1d3df149d..e592a0e22 100644 --- a/test/podman_top.bats +++ b/test/podman_top.bats @@ -7,7 +7,6 @@ function teardown() { } function setup() { - prepare_network_conf copy_images } diff --git a/test/podman_wait.bats b/test/podman_wait.bats index 823a8591f..2ebf1d58d 100644 --- a/test/podman_wait.bats +++ b/test/podman_wait.bats @@ -3,7 +3,6 @@ load helpers function setup() { - prepare_network_conf copy_images } -- cgit v1.2.3-54-g00ecf