Commit Graph

28 Commits

Author SHA1 Message Date
Dan Čermák 95730e30c3 Gate CNI support behind the `cni` build tag
- add cni build tag to libnetwork/cni
- split libnetwork/network into multiple files so that cni support can be made
  optionally available
- add -cni build targets to Makefile and build for amd64 with and without cni
- add a simple upgrade mechanism if the user never set the network backend explicitly
- add cni build tag to .golangci.yml to prevent false positives

See also https://issues.redhat.com/browse/RUN-1943

Signed-off-by: Dan Čermák <dcermak@suse.com>
2024-01-30 09:18:31 +01:00
Oleksandr Redko ba4c7c98bb chore: remove outdated build constraints
Signed-off-by: Oleksandr Redko <Oleksandr_Redko@epam.com>
2024-01-03 22:56:00 +02:00
Paul Holzinger 9ebf5859ff libnetwork/{netavark,cni}: accept containers.conf
Just pass down the full containers.conf as this is needed by
rootlessnetns code, also remove the now duplicated fields and read the
options directly from the config struct.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-12-05 15:28:20 +01:00
Chetan Giradkar 41f0492c7f Add configurability to Netavark firewall driver
closes #1338

Signed-off-by: Chetan Giradkar <cgiradka@redhat.com>
2023-11-28 12:51:21 +00:00
Valentin Rothberg 5fb9ed7f84 pkg/config: turn NetavarkPluginDirs into attributedstring.Slice
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-10-26 09:17:22 +02:00
Valentin Rothberg 67a73c7cc6 pkg/config: turn CNIPluginDirs into attributedstring.Slice
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-10-26 09:17:22 +02:00
Valentin Rothberg de32d5a9f7 linters: enable dupword
Mostly monkey work to fix comments but there was also an error message.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-09-01 11:51:25 +02:00
Paul Holzinger 7966ad46e4 pkg/config: add netavark_plugin_dirs fields
Add config field to specify the location for the netavark plugins.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-04 18:20:12 +02:00
Valentin Rothberg e17483b871 bump to golangci-lint v1.50.0
Used `go fmt` rules to migrate away from deprecated functions, for
instance `gofmt -w -s -r 'ioutil.TempDir(a, b) -> os.MkdirTemp(a, b)'`

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-10-17 15:03:07 +02:00
Daniel J Walsh f8f4db6239 Ignore additionalstore images when deciding to use netavark or CNI
We are using CNI for systems that have run podman system reset, if
storage is set up with additional stores.  This change will ignore
additional store images and will use netavark on clean systems.

[NO NEW TESTS NEEDED]

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2124887

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-09-08 13:29:42 -04:00
Matthew Heon 8bfe4fc505 Use an alternative CNI lock for read-only config dirs
When the configuration directory is on a read-only filesystem,
there's no risk of concurrency issues as there's no possibility
of changing anything. As such, while it prevents the use of our
default lock location, it also removes any need for a lock at
all.

Making the lock entirely optional is a lot of code, so instead of
doing that let's just put it in our temporary files directory,
where it can't hurt anything.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2022-08-17 14:59:25 -04:00
Dominique Martinet 2e8943d3f7 add network dns_bind_port setting and set NETAVARK_DNS_PORT from it
This commit allows using aardvark with an alternate port as per
implementation in containers/netavark#323

Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
2022-07-08 09:45:15 +09:00
Dominique Martinet 06b9bdd684 libnetwork/network/interface.go: fix typo in private function name
Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
2022-07-08 08:07:37 +09:00
Doug Rabson 71784ae373 Build libnetwork/network on FreeBSD
Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-05-12 18:13:24 +01:00
Paul Holzinger cc110440e4 enable unparam, exportloopref and revive linters
unparam and exportloopref already work without changes.
For revive I had to silence many naming issues. I decided to silence them
instead of changing the name because I didn't want to break any code.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-05-06 13:32:35 +02:00
Jason T. Greene 77d8f70039 Deprecate MachineEnabled and replace with API
machine.IsPodmanMachine replaces MachineEnabled
machine.MachineHostType informs the type unknown, qemu, wsl, etc
machine.IsGvProxyBased used to make specific determinations re gvproxy

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2022-04-23 12:32:54 -05:00
Kir Kolyshkin 82bf88ed0c libnetwork: rm nolint:golint hints
Those were added by commit 4fcb18dca, but are apparently no longer
needed.

Reported-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-04-11 15:03:50 -07:00
Kir Kolyshkin b951b72412 Gofumpt the code
gofumpt is a stricter version of gofmt, basically making the code more
readable, and fixing the gocritic's octalLiteral warnings like this one:

	pkg/util/util_supported.go:26:17: octalLiteral: use new octal literal style, 0o722 (gocritic)
		return (perm & 0722) == 0700
			       ^

Generated by gofumpt -w .

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-04-09 16:50:11 -07:00
Valentin Rothberg 095aded91c go fmt: use go 1.18 conditional-build syntax
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-03-18 11:04:40 +01:00
Aditya R 8968d3fa1c netavark: warn only if network has DNSEnabled and aardvark binary is not found
Move generic warning to netavark/run and warn user if one or more
networks have `DNSEnabled` and `aardvark-dns` binary is not set

Signed-off-by: Aditya R <arajan@redhat.com>
2022-03-04 11:03:24 +05:30
Aditya R d4c4a151e1 libnetwork: Fix warning when aardvark-dns is not found
Use appropriate variable when producing warning for missing
aardvark-dns. Current output variable will always be empty when
aardvark-dns is missing.

Closes: https://github.com/containers/podman/issues/13412

Signed-off-by: Aditya R <arajan@redhat.com>
2022-03-03 21:29:35 +05:30
Paul Holzinger f146736795 set DefaultSubnetPools for network backend
In commit 60766b5e5e I forgot to add the field here, without this the
config field from containers.conf is not used in backend.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-02-16 18:15:34 +01:00
Paul Holzinger 16febcdabe netavark: use aardvark-dns path from containers.conf
We need to use the configured path from containers.conf for the
aardvark-dns binary location.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-25 16:06:56 +01:00
Paul Holzinger 995cdaae8f netavark: use globally shared network config dir
Since the network namespace is shared for all rootful libpod instances
we also need to make sure to use the same network config dir and run dir
to ensure that we do not use the same subnet or ip for more than one
container.

Also update the documentation about the network_config_dir field.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-17 15:36:03 +01:00
Paul Holzinger 55acbe7f30 libnetwork: use atomic write for the backend file
It is possible that two processes write at the same time and this could
lead to an invalid value in the file.

I think this fixes a race condition which was observed in the buildah
integration tests.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-07 17:43:19 +01:00
Paul Holzinger 588325c4ae libnetwork: netavark use runroot for ipam db
We should not use XDG_RUNTIME_DIR for the ipam db. This directory is
shared but we need the ipam db per storage. We can use the runroot for
this. It should be a tmpfs to reset the ipam assignments after a reboot.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-04 15:46:23 +01:00
Paul Holzinger 8893b57c6e libnetwork: remove unneeded Lockfile argument
If the caller can decide the lockfile path it is just more likely that
there is a lock mismatch due to different lock names. We should always
just use the config dir and use a lock with a static name.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-04 15:46:23 +01:00
Paul Holzinger 25af87fbcc libnetwork: add function to get the default network backend
When the network backend is unset in the config we have to figure out
if we need CNI or netavark. New installs should use netavark while
existing installs should continue to use CNI to prevent breaking
systems.

We use the following conditions to determine what backend to use:
1. read ${graphroot}/defaultNetworkBackend
2. find netavark binary (if not installed use CNI)
3. check containers, images and CNI networks and if there are some
   we have an existing install and should continue to use CNI

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-04 15:46:12 +01:00