From 2b97c1d733b1fc310ecc6b4babbd7c6725718d46 Mon Sep 17 00:00:00 2001
From: Paul Holzinger <paul.holzinger@web.de>
Date: Tue, 24 Nov 2020 14:56:35 +0100
Subject: Allow static ip and mac with rootless cni network

Make sure we pass the ip and mac address as CNI_ARGS to
the cnitool which is executed in the rootless-cni-infra
container.

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
---
 test/e2e/create_staticip_test.go  | 6 +++---
 test/e2e/create_staticmac_test.go | 8 ++------
 test/e2e/create_test.go           | 4 ++--
 test/e2e/pod_create_test.go       | 4 ++--
 test/e2e/pod_inspect_test.go      | 2 +-
 test/e2e/run_networking_test.go   | 6 ------
 test/e2e/run_staticip_test.go     | 2 +-
 7 files changed, 11 insertions(+), 21 deletions(-)

(limited to 'test')

diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go
index 7a2267617..698bbf976 100644
--- a/test/e2e/create_staticip_test.go
+++ b/test/e2e/create_staticip_test.go
@@ -49,7 +49,7 @@ var _ = Describe("Podman create with --ip flag", func() {
 	})
 
 	It("Podman create --ip with non-allocatable IP", func() {
-		SkipIfRootless("--ip is not supported in rootless mode")
+		SkipIfRootless("--ip not supported without network in rootless mode")
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "203.0.113.124", ALPINE, "ls"})
 		result.WaitWithDefaultTimeout()
 		Expect(result.ExitCode()).To(Equal(0))
@@ -63,7 +63,7 @@ var _ = Describe("Podman create with --ip flag", func() {
 		ip := GetRandomIPAddress()
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", ip, ALPINE, "ip", "addr"})
 		result.WaitWithDefaultTimeout()
-		// Rootless static ip assignment should error
+		// Rootless static ip assignment without network should error
 		if rootless.IsRootless() {
 			Expect(result.ExitCode()).To(Equal(125))
 		} else {
@@ -81,7 +81,7 @@ var _ = Describe("Podman create with --ip flag", func() {
 	})
 
 	It("Podman create two containers with the same IP", func() {
-		SkipIfRootless("--ip not supported in rootless mode")
+		SkipIfRootless("--ip not supported without network in rootless mode")
 		ip := GetRandomIPAddress()
 		result := podmanTest.Podman([]string{"create", "--name", "test1", "--ip", ip, ALPINE, "sleep", "999"})
 		result.WaitWithDefaultTimeout()
diff --git a/test/e2e/create_staticmac_test.go b/test/e2e/create_staticmac_test.go
index 1ac431da2..4c8f371a4 100644
--- a/test/e2e/create_staticmac_test.go
+++ b/test/e2e/create_staticmac_test.go
@@ -56,11 +56,7 @@ var _ = Describe("Podman run with --mac-address flag", func() {
 
 		result := podmanTest.Podman([]string{"run", "--network", net, "--mac-address", "92:d0:c6:00:29:34", ALPINE, "ip", "addr"})
 		result.WaitWithDefaultTimeout()
-		if rootless.IsRootless() {
-			Expect(result.ExitCode()).To(Equal(125))
-		} else {
-			Expect(result.ExitCode()).To(Equal(0))
-			Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:00:29:34"))
-		}
+		Expect(result.ExitCode()).To(Equal(0))
+		Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:00:29:34"))
 	})
 })
diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go
index a4931ff2d..2e9f5455d 100644
--- a/test/e2e/create_test.go
+++ b/test/e2e/create_test.go
@@ -553,7 +553,7 @@ var _ = Describe("Podman create", func() {
 	})
 
 	It("create container in pod with IP should fail", func() {
-		SkipIfRootless("Setting IP not supported in rootless mode")
+		SkipIfRootless("Setting IP not supported in rootless mode without network")
 		name := "createwithstaticip"
 		pod := podmanTest.RunTopContainerInPod("", "new:"+name)
 		pod.WaitWithDefaultTimeout()
@@ -565,7 +565,7 @@ var _ = Describe("Podman create", func() {
 	})
 
 	It("create container in pod with mac should fail", func() {
-		SkipIfRootless("Setting MAC Address not supported in rootless mode")
+		SkipIfRootless("Setting MAC Address not supported in rootless mode without network")
 		name := "createwithstaticmac"
 		pod := podmanTest.RunTopContainerInPod("", "new:"+name)
 		pod.WaitWithDefaultTimeout()
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index be0a2f6f0..9c448a81e 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -233,7 +233,7 @@ var _ = Describe("Podman pod create", func() {
 		ip := GetRandomIPAddress()
 		podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name})
 		podCreate.WaitWithDefaultTimeout()
-		// Rootless should error
+		// Rootless should error without network
 		if rootless.IsRootless() {
 			Expect(podCreate.ExitCode()).To(Equal(125))
 		} else {
@@ -246,7 +246,7 @@ var _ = Describe("Podman pod create", func() {
 	})
 
 	It("podman container in pod with IP address shares IP address", func() {
-		SkipIfRootless("Rootless does not support --ip")
+		SkipIfRootless("Rootless does not support --ip without network")
 		podName := "test"
 		ctrName := "testCtr"
 		ip := GetRandomIPAddress()
diff --git a/test/e2e/pod_inspect_test.go b/test/e2e/pod_inspect_test.go
index 25212991d..fd9589afe 100644
--- a/test/e2e/pod_inspect_test.go
+++ b/test/e2e/pod_inspect_test.go
@@ -101,7 +101,7 @@ var _ = Describe("Podman pod inspect", func() {
 	})
 
 	It("podman pod inspect outputs show correct MAC", func() {
-		SkipIfRootless("--mac-address is not supported in rootless mode")
+		SkipIfRootless("--mac-address is not supported in rootless mode without network")
 		podName := "testPod"
 		macAddr := "42:43:44:00:00:01"
 		create := podmanTest.Podman([]string{"pod", "create", "--name", podName, "--mac-address", macAddr})
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index cbaae7186..ebea2132a 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -621,7 +621,6 @@ var _ = Describe("Podman run networking", func() {
 	})
 
 	It("podman run in custom CNI network with --static-ip", func() {
-		SkipIfRootless("Rootless mode does not support --ip")
 		netName := stringid.GenerateNonCryptoID()
 		ipAddr := "10.25.30.128"
 		create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName})
@@ -633,10 +632,6 @@ var _ = Describe("Podman run networking", func() {
 		run.WaitWithDefaultTimeout()
 		Expect(run.ExitCode()).To(BeZero())
 		Expect(run.OutputToString()).To(ContainSubstring(ipAddr))
-
-		create = podmanTest.Podman([]string{"network", "rm", netName})
-		create.WaitWithDefaultTimeout()
-		Expect(create.ExitCode()).To(BeZero())
 	})
 
 	It("podman rootless fails custom CNI network with --uidmap", func() {
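Review bot: After this hunk nothing visible removes the network made by `network create --subnet 10.25.30.0/24`, and with the `SkipIfRootless` call dropped the test now runs in rootless mode as well. If a deferred cleanup was added in the part of the test body outside the hunk, this is fine. Otherwise the leftover network can make a later `network create` on the same subnet fail, and in rootless mode it may keep the rootless-cni-infra container around. Registering the removal right after the create succeeds would also cover the case where an earlier `Expect` fails, for example `defer podmanTest.Podman([]string{"network", "rm", netName}).WaitWithDefaultTimeout()`.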
@@ -658,7 +653,6 @@ var _ = Describe("Podman run networking", func() {
 	})
 
 	It("podman run with new:pod and static-ip", func() {
-		SkipIfRootless("Rootless does not support --ip")
 		netName := stringid.GenerateNonCryptoID()
 		ipAddr := "10.25.40.128"
 		podname := "testpod"
diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go
index 8383b1812..aeb462ae9 100644
--- a/test/e2e/run_staticip_test.go
+++ b/test/e2e/run_staticip_test.go
@@ -19,7 +19,7 @@ var _ = Describe("Podman run with --ip flag", func() {
 	)
 
 	BeforeEach(func() {
-		SkipIfRootless("rootless does not support --ip")
+		SkipIfRootless("rootless does not support --ip without network")
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
-- 
cgit v1.2.3-54-g00ecf


From e42f9ee69766758968f11e5a6a5a189f5142ba78 Mon Sep 17 00:00:00 2001
From: Paul Holzinger <paul.holzinger@web.de>
Date: Thu, 3 Dec 2020 22:26:29 +0100
Subject: Add support for rootless network-aliases

Make sure we pass the network aliases as capability args to the
cnitool in the rootless-cni-infra container. Also update the
dnsname plugin in the cni-infra container.

Fixes #8567

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
---
 contrib/rootless-cni-infra/Containerfile      |  4 ++--
 contrib/rootless-cni-infra/rootless-cni-infra | 12 ++++++++----
 libpod/rootless_cni_linux.go                  | 25 ++++++++++++++++++++-----
 test/e2e/network_test.go                      |  1 -
 4 files changed, 30 insertions(+), 12 deletions(-)

(limited to 'test')

diff --git a/contrib/rootless-cni-infra/Containerfile b/contrib/rootless-cni-infra/Containerfile
index 579d192b9..4324f39d2 100644
--- a/contrib/rootless-cni-infra/Containerfile
+++ b/contrib/rootless-cni-infra/Containerfile
@@ -2,7 +2,7 @@ ARG GOLANG_VERSION=1.15
 ARG ALPINE_VERSION=3.12
 ARG CNI_VERSION=v0.8.0
 ARG CNI_PLUGINS_VERSION=v0.8.7
-ARG DNSNAME_VERSION=v1.0.0
+ARG DNSNAME_VERSION=v1.1.1
 
 FROM golang:${GOLANG_VERSION}-alpine${ALPINE_VERSION} AS golang-base
 RUN apk add --no-cache git
@@ -33,4 +33,4 @@ COPY rootless-cni-infra /usr/local/bin
 ENV CNI_PATH=/opt/cni/bin
 CMD ["sleep", "infinity"]
 
-ENV ROOTLESS_CNI_INFRA_VERSION=4
+ENV ROOTLESS_CNI_INFRA_VERSION=5
diff --git a/contrib/rootless-cni-infra/rootless-cni-infra b/contrib/rootless-cni-infra/rootless-cni-infra
index bafa18144..cceb8d817 100755
--- a/contrib/rootless-cni-infra/rootless-cni-infra
+++ b/contrib/rootless-cni-infra/rootless-cni-infra
@@ -21,10 +21,10 @@ wait_unshare_net() {
 	done
 }
 
-# CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME $IP $MAC"
+# CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME $IP $MAC $CAP_ARGS"
 cmd_entrypoint_alloc() {
-	if [ "$#" -ne 5 ]; then
-		echo >&2 "Usage: $ARG0 alloc CONTAINER_ID NETWORK_NAME POD_NAME IP MAC"
+	if [ "$#" -ne 6 ]; then
+		echo >&2 "Usage: $ARG0 alloc CONTAINER_ID NETWORK_NAME POD_NAME IP MAC CAP_ARGS"
 		exit 1
 	fi
 
@@ -33,6 +33,7 @@ cmd_entrypoint_alloc() {
 	K8S_POD_NAME="$3"
 	IP="$4"
 	MAC="$5"
+	CAP_ARGS="$6"
 
 	dir="${BASE}/${ID}"
 	mkdir -p "${dir}/attached" "${dir}/attached-args"
@@ -54,9 +55,12 @@ cmd_entrypoint_alloc() {
 	if [ "$MAC" ]; then
 		CNI_ARGS="$CNI_ARGS;MAC=${MAC}"
 	fi
+	if [ "$CAP_ARGS" ]; then
+		CAP_ARGS="$CAP_ARGS"
+	fi
 	nwcount=$(find "${dir}/attached" -type f | wc -l)
 	CNI_IFNAME="eth${nwcount}"
-	export CNI_ARGS CNI_IFNAME
+	export CNI_ARGS CNI_IFNAME CAP_ARGS
 	cnitool add "${NET}" "/proc/${pid}/ns/net" >"${dir}/attached/${NET}"
 	echo "${CNI_ARGS}" >"${dir}/attached-args/${NET}"
 
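Review bot: The added block `if [ "$CAP_ARGS" ]; then CAP_ARGS="$CAP_ARGS"; fi` assigns the variable to itself and can be dropped, since `export CNI_ARGS CNI_IFNAME CAP_ARGS` already hands the value to cnitool. Passing the JSON through the environment rather than splicing it into the command line is the right choice for a caller-supplied string. However, only `CNI_ARGS` is written to `attached-args/${NET}`, so whatever later reads that file will not see the capability args used for the `add`. The dealloc path is outside this hunk; if it replays the stored args for `cnitool del`, consider persisting `CAP_ARGS` next to them. A comment such as `# CAP_ARGS: JSON object of CNI capability args, empty when the container has no aliases` above the export would document the expected format.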
diff --git a/libpod/rootless_cni_linux.go b/libpod/rootless_cni_linux.go
index 9cfadc1f1..94ae062aa 100644
--- a/libpod/rootless_cni_linux.go
+++ b/libpod/rootless_cni_linux.go
@@ -25,7 +25,7 @@ import (
 
 // Built from ../contrib/rootless-cni-infra.
 var rootlessCNIInfraImage = map[string]string{
-	"amd64": "quay.io/luap99/rootless-cni-infra@sha256:4e9f1e223463a46d9f9b019c0fa8c902494ed34872f75104d985b23812f19683", // 4-amd64
+	"amd64": "quay.io/libpod/rootless-cni-infra@sha256:adf352454666f7ce9ca3e1098448b5ee18f89c4516471ec99447ec9ece917f36", // 5-amd64
 }
 
 const (
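Review bot: The trailing `// 5-amd64` comment is the only thing tying this digest to `ROOTLESS_CNI_INFRA_VERSION=5` in the Containerfile. The repository also moves from a personal namespace to `quay.io/libpod`, with nothing recording how the new digest was produced. The digest pin is what keeps the pulled helper image immutable, so it is worth documenting the update procedure on the map, for example `// Digests must be regenerated from ../contrib/rootless-cni-infra whenever ROOTLESS_CNI_INFRA_VERSION changes; never replace a digest with a tag.` The map still has only an `amd64` entry; how other architectures are handled is not visible in this hunk.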
@@ -66,10 +66,25 @@ func AllocRootlessCNI(ctx context.Context, c *Container) (ns.NetNS, []*cnitypes.
 	if c.config.StaticMAC != nil {
 		mac = c.config.StaticMAC.String()
 	}
+	aliases, err := c.runtime.state.GetAllNetworkAliases(c)
+	if err != nil {
+		return nil, nil, err
+	}
+	capArgs := ""
+	// add network aliases json encoded as capabilityArgs for cni
+	if len(aliases) > 0 {
+		capabilityArgs := make(map[string]interface{})
+		capabilityArgs["aliases"] = aliases
+		b, err := json.Marshal(capabilityArgs)
+		if err != nil {
+			return nil, nil, err
+		}
+		capArgs = string(b)
+	}
 
 	cniResults := make([]*cnitypes.Result, len(networks))
 	for i, nw := range networks {
-		cniRes, err := rootlessCNIInfraCallAlloc(infra, c.ID(), nw, k8sPodName, ip, mac)
+		cniRes, err := rootlessCNIInfraCallAlloc(infra, c.ID(), nw, k8sPodName, ip, mac, capArgs)
 		if err != nil {
 			return nil, nil, err
 		}
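Review bot: Both new error returns hand back `err` bare, so a failure from `GetAllNetworkAliases` or `json.Marshal` surfaces from `AllocRootlessCNI` with no hint of which step failed or for which container. Wrapping them with the error helper this file already uses would help, e.g. with the messages "getting network aliases for container <id>" and "encoding network aliases as CNI capability args". The inner `b, err := json.Marshal(...)` also shadows the outer `err`; this is harmless because it returns immediately, but assigning with `=` after declaring `b` would avoid the shadow. `capArgs` is built once and sent unchanged for every entry in `networks`. If `aliases` is keyed by network name, each alloc receives the aliases of all networks, which deserves a short comment saying it is intended. The function starts and ends outside the hunk.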
@@ -146,11 +161,11 @@ func getCNIPodName(c *Container) string {
 	return c.Name()
 }
 
-func rootlessCNIInfraCallAlloc(infra *Container, id, nw, k8sPodName, ip, mac string) (*cnitypes.Result, error) {
-	logrus.Debugf("rootless CNI: alloc %q, %q, %q, %q, %q", id, nw, k8sPodName, ip, mac)
+func rootlessCNIInfraCallAlloc(infra *Container, id, nw, k8sPodName, ip, mac, capArgs string) (*cnitypes.Result, error) {
+	logrus.Debugf("rootless CNI: alloc %q, %q, %q, %q, %q, %q", id, nw, k8sPodName, ip, mac, capArgs)
 	var err error
 
-	_, err = rootlessCNIInfraExec(infra, "alloc", id, nw, k8sPodName, ip, mac)
+	_, err = rootlessCNIInfraExec(infra, "alloc", id, nw, k8sPodName, ip, mac, capArgs)
 	if err != nil {
 		return nil, err
 	}
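Review bot: `rootlessCNIInfraCallAlloc` now always passes six arguments to `alloc`, while the script in this same commit exits with the usage message unless `$#` is exactly 6. An infra container still running the version-4 image would therefore fail every allocation. The `ROOTLESS_CNI_INFRA_VERSION` bump suggests a version check recreates stale infra containers, but that check is not visible in this hunk and should be confirmed. A comment on the function would make the coupling explicit, for example `// capArgs is the sixth positional argument and requires rootless-cni-infra version 5 or newer.` The function body continues past the end of the hunk.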
diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go
index fb18e2317..a7e83220b 100644
--- a/test/e2e/network_test.go
+++ b/test/e2e/network_test.go
@@ -408,7 +408,6 @@ var _ = Describe("Podman network", func() {
 		Expect(lines[1]).To(Equal(netName2))
 	})
 	It("podman network with multiple aliases", func() {
-		Skip("Until DNSName is updated on our CI images")
 		var worked bool
 		netName := "aliasTest" + stringid.GenerateNonCryptoID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
-- 
cgit v1.2.3-54-g00ecf