Set interface name to the network_interface name for macvlan and ipvlan networks

[vikas-goel]

When interface_name attribute in containers.conf file is set to "device", then set interface names inside containers same as the network_interface names of the respective network.

The change applies to macvlan and ipvlan networks only. The interface_name attribute value has no impact on any other types of networks.

If the interface name is set in the user request, then that takes precedence.

The interface_name attribute in the containers.conf file was added via containers/common#1814.

Fixes: #21313

Does this PR introduce a user-facing change? Yes

A new global attribute interface_name has been added to the containers.conf file. The default value of the attribute is "". The attribute value can be overridden to "device". This setting is effective for macvlan and ipvlan networks only. When set to "device", the network interface names inside containers will be set to the network_interface property value as seen in the podman inspect of the respective network, by default. If the network_interface property is not set or the global attribute is left unmodified, then the network interface name is set to the ethX pattern as usual, by default. 

[packit-as-a-service]

Cockpit tests failed for commit a63870d820d721ead66bf64584227146f6869786. @martinpitt, @jelly, @mvollmer please check.

[packit-as-a-service]

Cockpit tests failed for commit 9350b183c51fbff305f4593011945fdcc84b7501. @martinpitt, @jelly, @mvollmer please check.

[vikas-goel]

@Luap99 , @TomSweeneyRedHat ,

The two machine related test case failures seem to be altogether in an independent area for unrelated reasons. For example, similar issue was seen in https://github.com/containers/podman/pull/21339/checks?check_run_id=21024221296.

What is the next step? Can we get it merged?

[vikas-goel]

/assign @Luap99 @TomSweeneyRedHat @rhatdan

[vikas-goel]

Pinging @TomSweeneyRedHat for review

[vikas-goel]

Pinging @rhatdan for review

[mheon]

@edsantiago Mind taking a look at the tests?

[TomSweeneyRedHat]

@Luap99 is the SME here, and I'd like to get his eyeballs on this.
LGTM otherwise.

[baude]

general comments:

• can you comment your tests more verbosely for the future
• where is this documented
• i understand this is paired with a containers-common pr, can you please cite it
• can you please change the commit title to include something like macvlan only, in the theme of matt's feedback
• please include macvlan only in the pr description as well

well done getting through CI! And appreciate the tests.

[vikas-goel]

general comments:

• can you comment your tests more verbosely for the future
• where is this documented
• i understand this is paired with a containers-common pr, can you please cite it
• can you please change the commit title to include something like macvlan only, in the theme of matt's feedback
• please include macvlan only in the pr description as well

well done getting through CI! And appreciate the tests.

Incorporated all the comments. The attribute definition is documented in the c/common repo. The release notes in this PR describes the change.

[edsantiago]

What bothers me a little about the tests is that, when run against main, all of them pass (or are skipped) rootless, and only one fails when run as root. If this is intentional -- like, good-citizen adding a whole bunch of tests unrelated to this PR -- yay and thank you! But if more than one of these tests are supposed to test the PR, there's something wrong.

I'll take a closer look tomorrow.

[vikas-goel]

What bothers me a little about the tests is that, when run against main, all of them pass (or are skipped) rootless, and only one fails when run as root. If this is intentional -- like, good-citizen adding a whole bunch of tests unrelated to this PR -- yay and thank you! But if more than one of these tests are supposed to test the PR, there's something wrong.

I'll take a closer look tomorrow.

There are 4/10 that skip in rootless, not all. They still make sense for root mode. If there is a better way, let me know.

[edsantiago]

What I'm trying to say is that most of these new tests do not test your PR. Are they supposed to?

[vikas-goel]

What I'm trying to say is that most of these new tests do not test your PR. Are they supposed to?

Not sure I am understanding. The PR CI result shows all of them are getting tested in root mode.

[edsantiago]

1. I write code.
2. I write a test for this code.
3. This new test must FAIL when run against the previous commit!

That is one of the most important and fundamental elements of testing.

Most of your new tests pass when run against main. this could be because
a. you are a kind person and have written a bunch of tests for functionality that your PR does not address, that has nothing whatsoever to do with your PR, but you found a hole in our testing and have corrected it. Or
b. your tests are not testing what you think you're testing

I do not have time or energy tonight to figure out which is the reason. So my question to you is, did you deliberately write a bunch of new tests that have nothing to do with your PR, simply to improve our coverage? Or were you expecting all of your new tests to be tests of your PR?

Thank you either way. We are all grateful for new code and new test coverage.

[vikas-goel]

1. I write code.
2. I write a test for this code.
3. This new test must FAIL when run against the previous commit!

That is one of the most important and fundamental elements of testing.

Most of your new tests pass when run against main. this could be because a. you are a kind person and have written a bunch of tests for functionality that your PR does not address, that has nothing whatsoever to do with your PR, but you found a hole in our testing and have corrected it. Or b. your tests are not testing what you think you're testing

I do not have time or energy tonight to figure out which is the reason. So my question to you is, did you deliberately write a bunch of new tests that have nothing to do with your PR, simply to improve our coverage? Or were you expecting all of your new tests to be tests of your PR?

Thank you either way. We are all grateful for new code and new test coverage.

I see what you are pointing to.

Most of the new test cases are related existing behavior. That is, checking the ethX interface naming inside container. That is why they are passing on the previous commit. So, what you said "written a bunch of tests for functionality that your PR does not address, that has nothing whatsoever to do with your PR, but you found a hole in our testing and have corrected it." is probably correct.

[edsantiago]

Feedback from a quick first pass. I need to switch context now, sorry.

[vikas-goel]

@edsantiago , @mheon , @Luap99, @TomSweeneyRedHat , @rhatdan ,
How do we take it forward?

[mheon]

Once @Luap99 gets in next week and reviews, we can get through final review comments and merge.

[Luap99]

The tests seem to carry a ton of duplication which it makes it very hard to follow I suggest rewriting them in some form of loop to deduplicate most logic.

[vikas-goel]

The tests seem to carry a ton of duplication which it makes it very hard to follow I suggest rewriting them in some form of loop to deduplicate most logic.

Updated.

[Luap99]

Thanks, code looks good but we definitely need to have ipvlan tests working on netavark.

[vikas-goel]

Thanks, code looks good but we definitely need to have ipvlan tests working on netavark.

It failed with a very clear statement that netavark does not support ipvlan.

[Luap99]

It failed with a very clear statement that netavark does not support ipvlan.

What version are you using, the latest version support it and they should be in CI

[Luap99]

Lets see if #21530 works, if it does then it should work here too.

[vikas-goel]

Lets see if #21530 works, if it does then it should work here too.

All ipvlan tests are failing in #21530. Will it make sense to get this PR in and enable ipvlan separately in #21530?

[packit-as-a-service]

Cockpit tests failed for commit c68f555b096d1046520343b2577c34f0402a59db. @martinpitt, @jelly, @mvollmer please check.

[vikas-goel]

After re-enabling ipvlan test for netavark in all debian tests, the same old issue happening.

# podman [options] run -d --network ipvlan5fd463d37d --name test quay.io/libpod/alpine:latest top
Error: netavark: unknown network driver ipvlan

Any clues? Is this a tested and supported combination for debian?

[vikas-goel]

System test failing randomly

sys remote fedora-38 root host boltdb

Failed tests (1):
 - 512 [500] podman run port forward range

[edsantiago]

Known flake, it's been hitting us very hard this past week (on f38 only). No point restarting it because the other failures are not flakes.

Looks like Debian has bad/old netavark (1.4). We don't have SkipIfDebian(), but we do have SkipIfRunc(). Would you mind adding that to the failing tests, with a loud explanation?

    SkipIfRunc("FIXME: Fails with netavark < 1.10. Reenable once Debian gets an update")

[vikas-goel]

Will the check for debian be info.Distribution == "debian"?

[vikas-goel]

Bypassing the test when all the following conditions are met

• driver == "ipvlan"
• info.Distribution == "debian"
• pTest.OCIRuntime == "runc"

[Luap99]

/lgtm
/hold

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Luap99, vikas-goel

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Luap99]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[mheon]

/hold cancel