From c717b3cacad00ec8ea5415a2246994ac3adf7ae0 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Tue, 24 Nov 2020 14:56:35 +0100 Subject: Allow static ip and mac with rootless cni network Make sure we pass the ip and mac address as CNI_ARGS to the cnitool which is executed in the rootless-cni-infra container. Signed-off-by: Paul Holzinger --- test/e2e/create_staticip_test.go | 6 +++--- test/e2e/create_staticmac_test.go | 8 ++------ test/e2e/create_test.go | 4 ++-- test/e2e/pod_create_test.go | 4 ++-- test/e2e/pod_inspect_test.go | 2 +- test/e2e/run_networking_test.go | 6 ------ test/e2e/run_staticip_test.go | 2 +- 7 files changed, 11 insertions(+), 21 deletions(-) (limited to 'test') diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go index 7a2267617..698bbf976 100644 --- a/test/e2e/create_staticip_test.go +++ b/test/e2e/create_staticip_test.go @@ -49,7 +49,7 @@ var _ = Describe("Podman create with --ip flag", func() { }) It("Podman create --ip with non-allocatable IP", func() { - SkipIfRootless("--ip is not supported in rootless mode") + SkipIfRootless("--ip not supported without network in rootless mode") result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "203.0.113.124", ALPINE, "ls"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) @@ -63,7 +63,7 @@ var _ = Describe("Podman create with --ip flag", func() { ip := GetRandomIPAddress() result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", ip, ALPINE, "ip", "addr"}) result.WaitWithDefaultTimeout() - // Rootless static ip assignment should error + // Rootless static ip assignment without network should error if rootless.IsRootless() { Expect(result.ExitCode()).To(Equal(125)) } else { @@ -81,7 +81,7 @@ var _ = Describe("Podman create with --ip flag", func() { }) It("Podman create two containers with the same IP", func() { - SkipIfRootless("--ip not supported in rootless mode") + SkipIfRootless("--ip not supported without network in rootless mode") ip := GetRandomIPAddress() result := podmanTest.Podman([]string{"create", "--name", "test1", "--ip", ip, ALPINE, "sleep", "999"}) result.WaitWithDefaultTimeout() diff --git a/test/e2e/create_staticmac_test.go b/test/e2e/create_staticmac_test.go index 1ac431da2..4c8f371a4 100644 --- a/test/e2e/create_staticmac_test.go +++ b/test/e2e/create_staticmac_test.go @@ -56,11 +56,7 @@ var _ = Describe("Podman run with --mac-address flag", func() { result := podmanTest.Podman([]string{"run", "--network", net, "--mac-address", "92:d0:c6:00:29:34", ALPINE, "ip", "addr"}) result.WaitWithDefaultTimeout() - if rootless.IsRootless() { - Expect(result.ExitCode()).To(Equal(125)) - } else { - Expect(result.ExitCode()).To(Equal(0)) - Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:00:29:34")) - } + Expect(result.ExitCode()).To(Equal(0)) + Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:00:29:34")) }) }) diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index 73d92e5a0..67c08ac09 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -553,7 +553,7 @@ var _ = Describe("Podman create", func() { }) It("create container in pod with IP should fail", func() { - SkipIfRootless("Setting IP not supported in rootless mode") + SkipIfRootless("Setting IP not supported in rootless mode without network") name := "createwithstaticip" pod := podmanTest.RunTopContainerInPod("", "new:"+name) pod.WaitWithDefaultTimeout() @@ -565,7 +565,7 @@ var _ = Describe("Podman create", func() { }) It("create container in pod with mac should fail", func() { - SkipIfRootless("Setting MAC Address not supported in rootless mode") + SkipIfRootless("Setting MAC Address not supported in rootless mode without network") name := "createwithstaticmac" pod := podmanTest.RunTopContainerInPod("", "new:"+name) pod.WaitWithDefaultTimeout() diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index be0a2f6f0..9c448a81e 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -233,7 +233,7 @@ var _ = Describe("Podman pod create", func() { ip := GetRandomIPAddress() podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name}) podCreate.WaitWithDefaultTimeout() - // Rootless should error + // Rootless should error without network if rootless.IsRootless() { Expect(podCreate.ExitCode()).To(Equal(125)) } else { @@ -246,7 +246,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman container in pod with IP address shares IP address", func() { - SkipIfRootless("Rootless does not support --ip") + SkipIfRootless("Rootless does not support --ip without network") podName := "test" ctrName := "testCtr" ip := GetRandomIPAddress() diff --git a/test/e2e/pod_inspect_test.go b/test/e2e/pod_inspect_test.go index 25212991d..fd9589afe 100644 --- a/test/e2e/pod_inspect_test.go +++ b/test/e2e/pod_inspect_test.go @@ -101,7 +101,7 @@ var _ = Describe("Podman pod inspect", func() { }) It("podman pod inspect outputs show correct MAC", func() { - SkipIfRootless("--mac-address is not supported in rootless mode") + SkipIfRootless("--mac-address is not supported in rootless mode without network") podName := "testPod" macAddr := "42:43:44:00:00:01" create := podmanTest.Podman([]string{"pod", "create", "--name", podName, "--mac-address", macAddr}) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index cbaae7186..ebea2132a 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -621,7 +621,6 @@ var _ = Describe("Podman run networking", func() { }) It("podman run in custom CNI network with --static-ip", func() { - SkipIfRootless("Rootless mode does not support --ip") netName := stringid.GenerateNonCryptoID() ipAddr := "10.25.30.128" create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName}) @@ -633,10 +632,6 @@ var _ = Describe("Podman run networking", func() { run.WaitWithDefaultTimeout() Expect(run.ExitCode()).To(BeZero()) Expect(run.OutputToString()).To(ContainSubstring(ipAddr)) - - create = podmanTest.Podman([]string{"network", "rm", netName}) - create.WaitWithDefaultTimeout() - Expect(create.ExitCode()).To(BeZero()) }) It("podman rootless fails custom CNI network with --uidmap", func() { @@ -658,7 +653,6 @@ var _ = Describe("Podman run networking", func() { }) It("podman run with new:pod and static-ip", func() { - SkipIfRootless("Rootless does not support --ip") netName := stringid.GenerateNonCryptoID() ipAddr := "10.25.40.128" podname := "testpod" diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go index 8383b1812..aeb462ae9 100644 --- a/test/e2e/run_staticip_test.go +++ b/test/e2e/run_staticip_test.go @@ -19,7 +19,7 @@ var _ = Describe("Podman run with --ip flag", func() { ) BeforeEach(func() { - SkipIfRootless("rootless does not support --ip") + SkipIfRootless("rootless does not support --ip without network") tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) -- cgit v1.2.3-54-g00ecf From 1fac43654cf2ec950a2b3221e27425dbcd3bbf4d Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Thu, 3 Dec 2020 22:26:29 +0100 Subject: Add support for rootless network-aliases Make sure we pass the network aliases as capability args to the cnitool in the rootless-cni-infra container. Also update the dnsname plugin in the cni-infra container. Fixes #8567 Signed-off-by: Paul Holzinger --- contrib/rootless-cni-infra/Containerfile | 4 ++-- contrib/rootless-cni-infra/rootless-cni-infra | 12 ++++++++---- libpod/rootless_cni_linux.go | 25 ++++++++++++++++++++----- test/e2e/network_test.go | 1 - 4 files changed, 30 insertions(+), 12 deletions(-) (limited to 'test') diff --git a/contrib/rootless-cni-infra/Containerfile b/contrib/rootless-cni-infra/Containerfile index 579d192b9..4324f39d2 100644 --- a/contrib/rootless-cni-infra/Containerfile +++ b/contrib/rootless-cni-infra/Containerfile @@ -2,7 +2,7 @@ ARG GOLANG_VERSION=1.15 ARG ALPINE_VERSION=3.12 ARG CNI_VERSION=v0.8.0 ARG CNI_PLUGINS_VERSION=v0.8.7 -ARG DNSNAME_VERSION=v1.0.0 +ARG DNSNAME_VERSION=v1.1.1 FROM golang:${GOLANG_VERSION}-alpine${ALPINE_VERSION} AS golang-base RUN apk add --no-cache git @@ -33,4 +33,4 @@ COPY rootless-cni-infra /usr/local/bin ENV CNI_PATH=/opt/cni/bin CMD ["sleep", "infinity"] -ENV ROOTLESS_CNI_INFRA_VERSION=4 +ENV ROOTLESS_CNI_INFRA_VERSION=5 diff --git a/contrib/rootless-cni-infra/rootless-cni-infra b/contrib/rootless-cni-infra/rootless-cni-infra index bafa18144..cceb8d817 100755 --- a/contrib/rootless-cni-infra/rootless-cni-infra +++ b/contrib/rootless-cni-infra/rootless-cni-infra @@ -21,10 +21,10 @@ wait_unshare_net() { done } -# CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME $IP $MAC" +# CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME $IP $MAC $CAP_ARGS" cmd_entrypoint_alloc() { - if [ "$#" -ne 5 ]; then - echo >&2 "Usage: $ARG0 alloc CONTAINER_ID NETWORK_NAME POD_NAME IP MAC" + if [ "$#" -ne 6 ]; then + echo >&2 "Usage: $ARG0 alloc CONTAINER_ID NETWORK_NAME POD_NAME IP MAC CAP_ARGS" exit 1 fi @@ -33,6 +33,7 @@ cmd_entrypoint_alloc() { K8S_POD_NAME="$3" IP="$4" MAC="$5" + CAP_ARGS="$6" dir="${BASE}/${ID}" mkdir -p "${dir}/attached" "${dir}/attached-args" @@ -54,9 +55,12 @@ cmd_entrypoint_alloc() { if [ "$MAC" ]; then CNI_ARGS="$CNI_ARGS;MAC=${MAC}" fi + if [ "$CAP_ARGS" ]; then + CAP_ARGS="$CAP_ARGS" + fi nwcount=$(find "${dir}/attached" -type f | wc -l) CNI_IFNAME="eth${nwcount}" - export CNI_ARGS CNI_IFNAME + export CNI_ARGS CNI_IFNAME CAP_ARGS cnitool add "${NET}" "/proc/${pid}/ns/net" >"${dir}/attached/${NET}" echo "${CNI_ARGS}" >"${dir}/attached-args/${NET}" diff --git a/libpod/rootless_cni_linux.go b/libpod/rootless_cni_linux.go index 9cfadc1f1..94ae062aa 100644 --- a/libpod/rootless_cni_linux.go +++ b/libpod/rootless_cni_linux.go @@ -25,7 +25,7 @@ import ( // Built from ../contrib/rootless-cni-infra. var rootlessCNIInfraImage = map[string]string{ - "amd64": "quay.io/luap99/rootless-cni-infra@sha256:4e9f1e223463a46d9f9b019c0fa8c902494ed34872f75104d985b23812f19683", // 4-amd64 + "amd64": "quay.io/libpod/rootless-cni-infra@sha256:adf352454666f7ce9ca3e1098448b5ee18f89c4516471ec99447ec9ece917f36", // 5-amd64 } const ( @@ -66,10 +66,25 @@ func AllocRootlessCNI(ctx context.Context, c *Container) (ns.NetNS, []*cnitypes. if c.config.StaticMAC != nil { mac = c.config.StaticMAC.String() } + aliases, err := c.runtime.state.GetAllNetworkAliases(c) + if err != nil { + return nil, nil, err + } + capArgs := "" + // add network aliases json encoded as capabilityArgs for cni + if len(aliases) > 0 { + capabilityArgs := make(map[string]interface{}) + capabilityArgs["aliases"] = aliases + b, err := json.Marshal(capabilityArgs) + if err != nil { + return nil, nil, err + } + capArgs = string(b) + } cniResults := make([]*cnitypes.Result, len(networks)) for i, nw := range networks { - cniRes, err := rootlessCNIInfraCallAlloc(infra, c.ID(), nw, k8sPodName, ip, mac) + cniRes, err := rootlessCNIInfraCallAlloc(infra, c.ID(), nw, k8sPodName, ip, mac, capArgs) if err != nil { return nil, nil, err } @@ -146,11 +161,11 @@ func getCNIPodName(c *Container) string { return c.Name() } -func rootlessCNIInfraCallAlloc(infra *Container, id, nw, k8sPodName, ip, mac string) (*cnitypes.Result, error) { - logrus.Debugf("rootless CNI: alloc %q, %q, %q, %q, %q", id, nw, k8sPodName, ip, mac) +func rootlessCNIInfraCallAlloc(infra *Container, id, nw, k8sPodName, ip, mac, capArgs string) (*cnitypes.Result, error) { + logrus.Debugf("rootless CNI: alloc %q, %q, %q, %q, %q, %q", id, nw, k8sPodName, ip, mac, capArgs) var err error - _, err = rootlessCNIInfraExec(infra, "alloc", id, nw, k8sPodName, ip, mac) + _, err = rootlessCNIInfraExec(infra, "alloc", id, nw, k8sPodName, ip, mac, capArgs) if err != nil { return nil, err } diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go index e2080244b..2f5290c76 100644 --- a/test/e2e/network_test.go +++ b/test/e2e/network_test.go @@ -408,7 +408,6 @@ var _ = Describe("Podman network", func() { Expect(lines[1]).To(Equal(netName2)) }) It("podman network with multiple aliases", func() { - Skip("Until DNSName is updated on our CI images") var worked bool netName := "aliasTest" + stringid.GenerateNonCryptoID() session := podmanTest.Podman([]string{"network", "create", netName}) -- cgit v1.2.3-54-g00ecf