From eca1b6c0bdfca59c8c8a85fe29f4159034f311d0 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 8 Nov 2021 15:22:43 +0100 Subject: [PATCH 1/2] pod create: read network mode from config When we create a pod we have to parse the network mode form the config file. This is a regression in commit d28e85741f. Fixes #12207 Signed-off-by: Paul Holzinger --- cmd/podman/pods/create.go | 4 ++-- test/e2e/config/containers-netns.conf | 3 +++ test/e2e/pod_create_test.go | 18 ++++++++++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 test/e2e/config/containers-netns.conf diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go index b3f84dcd85..58bb799a31 100644 --- a/cmd/podman/pods/create.go +++ b/cmd/podman/pods/create.go @@ -116,7 +116,7 @@ func create(cmd *cobra.Command, args []string) error { return fmt.Errorf("cannot specify no-hosts without an infra container") } flags := cmd.Flags() - createOptions.Net, err = common.NetFlagsToNetOptions(nil, *flags, false) + createOptions.Net, err = common.NetFlagsToNetOptions(nil, *flags, createOptions.Infra) if err != nil { return err } @@ -139,7 +139,7 @@ func create(cmd *cobra.Command, args []string) error { createOptions.CpusetCpus = infraOptions.CPUSetCPUs createOptions.Pid = infraOptions.PID flags := cmd.Flags() - infraOptions.Net, err = common.NetFlagsToNetOptions(nil, *flags, false) + infraOptions.Net, err = common.NetFlagsToNetOptions(nil, *flags, createOptions.Infra) if err != nil { return err } diff --git a/test/e2e/config/containers-netns.conf b/test/e2e/config/containers-netns.conf new file mode 100644 index 0000000000..3f796f25de --- /dev/null +++ b/test/e2e/config/containers-netns.conf @@ -0,0 +1,3 @@ +[containers] + +netns = "host" diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 2ccca28d36..bfdf9fe3b0 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -806,4 +806,22 @@ ENTRYPOINT ["sleep","99999"] Expect(ok).To(BeTrue()) }) + It("podman pod create read network mode from config", func() { + confPath, err := filepath.Abs("config/containers-netns.conf") + Expect(err).ToNot(HaveOccurred()) + os.Setenv("CONTAINERS_CONF", confPath) + defer os.Unsetenv("CONTAINERS_CONF") + if IsRemote() { + podmanTest.RestartRemoteService() + } + + pod := podmanTest.Podman([]string{"pod", "create", "--name", "test", "--infra-name", "test-infra"}) + pod.WaitWithDefaultTimeout() + Expect(pod).Should(Exit(0)) + + inspect := podmanTest.Podman([]string{"inspect", "--format", "{{.HostConfig.NetworkMode}}", "test-infra"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + Expect(inspect.OutputToString()).Should(Equal("host")) + }) }) From 9c94530bbe575544d3dceeb591bc3c836a367e22 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Tue, 9 Nov 2021 16:25:24 +0100 Subject: [PATCH 2/2] network reload without ports should not reload ports When run as rootless the podman network reload command tries to reload the rootlessport ports because the childIP could have changed. However if the containers has no ports we should skip this instead of printing a warning. Signed-off-by: Paul Holzinger --- libpod/networking_slirp4netns.go | 3 +++ test/e2e/network_connect_disconnect_test.go | 2 ++ test/system/500-networking.bats | 9 +++++++++ 3 files changed, 14 insertions(+) diff --git a/libpod/networking_slirp4netns.go b/libpod/networking_slirp4netns.go index 07c3aae3c3..c06d215e1a 100644 --- a/libpod/networking_slirp4netns.go +++ b/libpod/networking_slirp4netns.go @@ -629,6 +629,9 @@ func getRootlessPortChildIP(c *Container) string { // reloadRootlessRLKPortMapping will trigger a reload for the port mappings in the rootlessport process. // This should only be called by network connect/disconnect and only as rootless. func (c *Container) reloadRootlessRLKPortMapping() error { + if len(c.config.PortMappings) == 0 { + return nil + } childIP := getRootlessPortChildIP(c) logrus.Debugf("reloading rootless ports for container %s, childIP is %s", c.config.ID, childIP) diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go index 217efdeec2..6f05a9c2b5 100644 --- a/test/e2e/network_connect_disconnect_test.go +++ b/test/e2e/network_connect_disconnect_test.go @@ -88,6 +88,7 @@ var _ = Describe("Podman network connect and disconnect", func() { dis := podmanTest.Podman([]string{"network", "disconnect", netName, "test"}) dis.WaitWithDefaultTimeout() Expect(dis).Should(Exit(0)) + Expect(dis.ErrorToString()).Should(Equal("")) inspect := podmanTest.Podman([]string{"container", "inspect", "test", "--format", "{{len .NetworkSettings.Networks}}"}) inspect.WaitWithDefaultTimeout() @@ -178,6 +179,7 @@ var _ = Describe("Podman network connect and disconnect", func() { connect := podmanTest.Podman([]string{"network", "connect", newNetName, "test"}) connect.WaitWithDefaultTimeout() Expect(connect).Should(Exit(0)) + Expect(connect.ErrorToString()).Should(Equal("")) inspect := podmanTest.Podman([]string{"container", "inspect", "test", "--format", "{{len .NetworkSettings.Networks}}"}) inspect.WaitWithDefaultTimeout() diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index bdedfae19c..fc1a7c9f02 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -391,6 +391,7 @@ load helpers mac="$output" run_podman network disconnect $netname $cid + is "$output" "" "Output should be empty (no errors)" # check that we cannot curl (timeout after 3 sec) run curl --max-time 3 -s $SERVER/index.txt @@ -399,6 +400,7 @@ load helpers fi run_podman network connect $netname $cid + is "$output" "" "Output should be empty (no errors)" # curl should work again run curl --max-time 3 -s $SERVER/index.txt @@ -415,8 +417,15 @@ load helpers die "MAC address did not change after podman network disconnect/connect" fi + # Disconnect/reconnect of a container *with no ports* should succeed quietly + run_podman network disconnect $netname $background_cid + is "$output" "" "disconnect of container with no open ports" + run_podman network connect $netname $background_cid + is "$output" "" "(re)connect of container with no open ports" + # connect a second network run_podman network connect $netname2 $cid + is "$output" "" "Output should be empty (no errors)" # curl should work run curl --max-time 3 -s $SERVER/index.txt