RHEL: Do not pull rootless CNI infra image, and instead request that user build it. #8671

7 changes: 6 additions & 1 deletion contrib/rootless-cni-infra/README.md
@@ -1,6 +1,11 @@
# rootless-cni-infra

Infra container for CNI-in-slirp4netns.
Infra container for CNI-in-slirp4netns. This is required for rootless CNI networking.

To build the rootless CNI infra container image, please download both the Containerfile and `rootless-cni-infra` files to an otherwise empty directory.
Then, run `podman build -t rootless-cni-infra .` on that directory as the user who will be running rootless Podman.

Once the image has been built, Podman will automatically use it as required to create CNI networks.

## How it works

19 changes: 5 additions & 14 deletions libpod/rootless_cni_linux.go
Expand Up @@ -7,14 +7,11 @@ import (
"context"
"io"
"path/filepath"
"runtime"

cnitypes "github.com/containernetworking/cni/pkg/types/current"
"github.com/containernetworking/plugins/pkg/ns"
"github.com/containers/podman/v2/libpod/define"
"github.com/containers/podman/v2/libpod/image"
"github.com/containers/podman/v2/pkg/env"
"github.com/containers/podman/v2/pkg/util"
"github.com/containers/storage/pkg/lockfile"
"github.com/hashicorp/go-multierror"
spec "github.com/opencontainers/runtime-spec/specs-go"
Expand All @@ -23,11 +20,6 @@ import (
"github.com/sirupsen/logrus"
)

// Built from ../contrib/rootless-cni-infra.
var rootlessCNIInfraImage = map[string]string{
"amd64": "quay.io/libpod/rootless-cni-infra@sha256:304742d5d221211df4ec672807a5842ff11e3729c50bc424ea0cea858f69d7b7", // 3-amd64
}

const (
rootlessCNIInfraContainerNamespace = "podman-system"
rootlessCNIInfraContainerName = "rootless-cni-infra"
Expand Down Expand Up @@ -233,14 +225,13 @@ func ensureRootlessCNIInfraContainerRunning(ctx context.Context, r *Runtime) (*C
}

func startRootlessCNIInfraContainer(ctx context.Context, r *Runtime) (*Container, error) {
imageName, ok := rootlessCNIInfraImage[runtime.GOARCH]
if !ok {
return nil, errors.Errorf("cannot find rootless-podman-network-sandbox image for %s", runtime.GOARCH)
}
imageName := "rootless-cni-infra"
logrus.Debugf("rootless CNI: ensuring image %q to exist", imageName)
newImage, err := r.ImageRuntime().New(ctx, imageName, "", "", nil, nil,
image.SigningOptions{}, nil, util.PullImageMissing)
newImage, err := r.ImageRuntime().NewFromLocal(imageName)
if err != nil {
if errors.Cause(err) == define.ErrNoSuchImage {
return nil, errors.Errorf("rootless CNI infra image not present - please build image from https://github.com/containers/podman/blob/v2.2.1-rhel/contrib/rootless-cni-infra/ and tag as %q", imageName)
}
return nil, err
}
logrus.Debugf("rootless CNI: image %q is ready", imageName)
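Review bot: The literal `"rootless-cni-infra"` on the `imageName :=` line belongs beside `rootlessCNIInfraContainerName` in the const block above rather than inline, because the error message and the README both depend on that exact tag; add `rootlessCNIInfraImageName = "rootless-cni-infra"` to the const block and make the local `imageName := rootlessCNIInfraImageName`. The hunk also swaps a digest-pinned reference for a lookup of whatever local image carries that short name, so a comment above the `NewFromLocal` call such as `// The image is built by the user (see contrib/rootless-cni-infra); nothing is pulled or verified here, local storage is the trust root.` would tell the next maintainer what changed in the trust model. The surviving debug line `rootless CNI: ensuring image %q to exist` still reads as if a pull happens; `rootless CNI: looking up local image %q` matches the new behaviour. startRootlessCNIInfraContainer continues past the end of the hunk.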
12 changes: 8 additions & 4 deletions pkg/specgen/generate/ports.go
Expand Up @@ -107,7 +107,11 @@ func parsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping,
var index uint16
for index = 0; index < len; index++ {
cPort := containerPort + index
hPort := hostPort + index
hPort := hostPort
// Only increment host port if it's not 0.
if hostPort != 0 {
hPort += index
}

if cPort == 0 {
return nil, nil, nil, errors.Errorf("container port cannot be 0")
Expand Down Expand Up @@ -162,8 +166,8 @@ func parsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping,
tempMappings,
tempMapping{
mapping: cniPort,
startOfRange: port.Range > 0 && index == 0,
isInRange: port.Range > 0,
startOfRange: port.Range > 1 && index == 0,
isInRange: port.Range > 1,
},
)
}
Expand All @@ -183,7 +187,7 @@ func parsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping,
for _, tmp := range tempMappings {
p := tmp.mapping

if p.HostPort != 0 && !tmp.isInRange {
if p.HostPort != 0 {
remadeMappings = append(remadeMappings, p)
continue
}
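Review bot: The new `hPort += index` still wraps silently when `hostPort + index` exceeds 65535, since both are `uint16`; unless the caller validates the range (parsePortMapping starts outside the hunk, so I cannot tell from here), a high start port with a long range would quietly land on low host ports. A one-line guard before the increment, `if uint32(hostPort)+uint32(index) > 65535 { return nil, nil, nil, errors.Errorf("host port range exceeds 65535") }`, closes that, and the same wrap applies to `cPort`, where only the result 0 is currently caught. The comment `// Only increment host port if it's not 0.` says what the code does but not why; I would write `// A host port of 0 means "assign dynamically", so every port in the range stays 0 and is allocated later instead of becoming 1, 2, 3...`. The `> 1` change on the `isInRange` line deserves a short comment too, e.g. `// a single port is not a range`.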
1 change: 1 addition & 0 deletions test/e2e/network_create_test.go
Expand Up @@ -74,6 +74,7 @@ var _ = Describe("Podman network create", func() {
)

BeforeEach(func() {
SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
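Review bot: The skip reason on the added `SkipIfRootless` line says `RHEL 8.3.1`, while the `skip_if_rootless` call added in test/system/500-networking.bats says `RHEL 8.2.1`; the `8.3.1` text is repeated in test/e2e/network_test.go and test/e2e/run_networking_test.go. One version should be chosen and used in all four places, since these strings appear in test output and are the only record of why the case was skipped. Keeping the reason in a single shared constant for the e2e files would stop them drifting apart again.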
2 changes: 2 additions & 0 deletions test/e2e/network_test.go
Expand Up @@ -21,6 +21,8 @@ var _ = Describe("Podman network", func() {
)

BeforeEach(func() {
SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")

tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
64 changes: 64 additions & 0 deletions test/e2e/run_networking_test.go
Expand Up @@ -97,6 +97,69 @@ var _ = Describe("Podman run networking", func() {
Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostIP).To(Equal(""))
})

It("podman run -p 80-82 -p 8080:8080", func() {
name := "testctr"
session := podmanTest.Podman([]string{"create", "-t", "-p", "80-82", "-p", "8080:8080", "--name", name, ALPINE, "/bin/sh"})
session.WaitWithDefaultTimeout()
inspectOut := podmanTest.InspectContainer(name)
Expect(len(inspectOut)).To(Equal(1))
Expect(len(inspectOut[0].NetworkSettings.Ports)).To(Equal(4))
Expect(len(inspectOut[0].NetworkSettings.Ports["80/tcp"])).To(Equal(1))
Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80")))
Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostIP).To(Equal(""))
Expect(len(inspectOut[0].NetworkSettings.Ports["81/tcp"])).To(Equal(1))
Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"][0].HostPort).To(Not(Equal("81")))
Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"][0].HostIP).To(Equal(""))
Expect(len(inspectOut[0].NetworkSettings.Ports["82/tcp"])).To(Equal(1))
Expect(inspectOut[0].NetworkSettings.Ports["82/tcp"][0].HostPort).To(Not(Equal("82")))
Expect(inspectOut[0].NetworkSettings.Ports["82/tcp"][0].HostIP).To(Equal(""))
Expect(len(inspectOut[0].NetworkSettings.Ports["8080/tcp"])).To(Equal(1))
Expect(inspectOut[0].NetworkSettings.Ports["8080/tcp"][0].HostPort).To(Equal("8080"))
Expect(inspectOut[0].NetworkSettings.Ports["8080/tcp"][0].HostIP).To(Equal(""))
})

It("podman run -p 80-81 -p 8080-8081", func() {
name := "testctr"
session := podmanTest.Podman([]string{"create", "-t", "-p", "80-81", "-p", "8080-8081", "--name", name, ALPINE, "/bin/sh"})
session.WaitWithDefaultTimeout()
inspectOut := podmanTest.InspectContainer(name)
Expect(len(inspectOut)).To(Equal(1))
Expect(len(inspectOut[0].NetworkSettings.Ports)).To(Equal(4))
Expect(len(inspectOut[0].NetworkSettings.Ports["80/tcp"])).To(Equal(1))
Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80")))
Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostIP).To(Equal(""))
Expect(len(inspectOut[0].NetworkSettings.Ports["81/tcp"])).To(Equal(1))
Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"][0].HostPort).To(Not(Equal("81")))
Expect(inspectOut[0].NetworkSettings.Ports["81/tcp"][0].HostIP).To(Equal(""))
Expect(len(inspectOut[0].NetworkSettings.Ports["8080/tcp"])).To(Equal(1))
Expect(inspectOut[0].NetworkSettings.Ports["8080/tcp"][0].HostPort).To(Not(Equal("8080")))
Expect(inspectOut[0].NetworkSettings.Ports["8080/tcp"][0].HostIP).To(Equal(""))
Expect(len(inspectOut[0].NetworkSettings.Ports["8081/tcp"])).To(Equal(1))
Expect(inspectOut[0].NetworkSettings.Ports["8081/tcp"][0].HostPort).To(Not(Equal("8081")))
Expect(inspectOut[0].NetworkSettings.Ports["8081/tcp"][0].HostIP).To(Equal(""))
})

It("podman run -p 80 -p 8080-8082:8080-8082", func() {
name := "testctr"
session := podmanTest.Podman([]string{"create", "-t", "-p", "80", "-p", "8080-8082:8080-8082", "--name", name, ALPINE, "/bin/sh"})
session.WaitWithDefaultTimeout()
inspectOut := podmanTest.InspectContainer(name)
Expect(len(inspectOut)).To(Equal(1))
Expect(len(inspectOut[0].NetworkSettings.Ports)).To(Equal(4))
Expect(len(inspectOut[0].NetworkSettings.Ports["80/tcp"])).To(Equal(1))
Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Not(Equal("80")))
Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostIP).To(Equal(""))
Expect(len(inspectOut[0].NetworkSettings.Ports["8080/tcp"])).To(Equal(1))
Expect(inspectOut[0].NetworkSettings.Ports["8080/tcp"][0].HostPort).To(Equal("8080"))
Expect(inspectOut[0].NetworkSettings.Ports["8080/tcp"][0].HostIP).To(Equal(""))
Expect(len(inspectOut[0].NetworkSettings.Ports["8081/tcp"])).To(Equal(1))
Expect(inspectOut[0].NetworkSettings.Ports["8081/tcp"][0].HostPort).To(Equal("8081"))
Expect(inspectOut[0].NetworkSettings.Ports["8081/tcp"][0].HostIP).To(Equal(""))
Expect(len(inspectOut[0].NetworkSettings.Ports["8082/tcp"])).To(Equal(1))
Expect(inspectOut[0].NetworkSettings.Ports["8082/tcp"][0].HostPort).To(Equal("8082"))
Expect(inspectOut[0].NetworkSettings.Ports["8082/tcp"][0].HostIP).To(Equal(""))
})

It("podman run -p 8080:80", func() {
name := "testctr"
session := podmanTest.Podman([]string{"create", "-t", "-p", "8080:80", "--name", name, ALPINE, "/bin/sh"})
Expand Down Expand Up @@ -651,6 +714,7 @@ var _ = Describe("Podman run networking", func() {
})

It("podman run check dnsname plugin", func() {
SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
pod := "testpod"
session := podmanTest.Podman([]string{"pod", "create", "--name", pod})
session.WaitWithDefaultTimeout()
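Review bot: None of the three new `It` blocks checks that `podmanTest.Podman([]string{"create", ...})` succeeded before inspecting: after each `session.WaitWithDefaultTimeout()` there is no `Expect(session.ExitCode()).To(Equal(0))`, so a failed create shows up as a confusing inspect failure rather than the real error. Adding that one line after each of the three `WaitWithDefaultTimeout()` calls fixes it. The `Not(Equal("80"))` style assertions for the dynamically assigned host ports are weak as well, since an empty `HostPort` satisfies them; pairing each with `Not(BeEmpty())` pins the behaviour the ports.go change introduces. The three cases differ only in the `-p` arguments and the expected host ports, which suggests a small table-driven helper instead of three near-identical bodies.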
1 change: 1 addition & 0 deletions test/system/500-networking.bats
Expand Up @@ -83,6 +83,7 @@ load helpers
# "network create" now works rootless, with the help of a special container
@test "podman network create" {
skip_if_remote "FIXME: pending #7808"
skip_if_rootless "Rootless CNI is tech preview in RHEL 8.2.1"

local mynetname=testnet-$(random_string 10)
local mysubnet=$(random_rfc1918_subnet)