This fixes the following staticcheck warning:
> libnetwork/netavark/config.go:297:2: QF1007: could merge conditional assignment into variable declaration (staticcheck)
> isMacVlan := true
> ^
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
When a vlan is used there should be no bridge name conflict check. It is
totally valid to have the same bridge with different vlans in two
configs and that is the intended use case.
Fixes#2095
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Podman creates/initializes the network backend for every command. However
most commands will not need it so we should keep the required actions we
do to a minimum.
In this case the config directory /etc/containers/networks by default as
root may not exists and then we try to create it which can fail, i.e.
when /etc is read only[1].
The code here are a bit more changes then I would have liked but we must
make sure the default in memory network always exists and do not create
the directory there.
[1] https://github.com/containers/common/pull/2265
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
L2 will be used to allow using existing bridges which netavark will
neither create nor delete.
Signed-off-by: Michael Zimmermann <sigmaepsilon92@gmail.com>
Contains fixes for new linters, removed depracted and removed linters
from the config.
Most notably because we use go 1.22 now we can get rid of the copy for
loop vars[1]. Also as of the go 1..2 we can use the new int range syntax
in for loops the new intrange linter checks that.
[1] https://go.dev/blog/loopvar-preview
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This is good to prevent any leaks but more important here there is a
bug because we cache the last assigned ip. However when a network is
removed the recreated with a different LeaseRange that ip might be very
well outside the expected range and the logic seems to handle this
correctly. I could fix it there but deleting the full bucket seems best
as it avoid other issues and leaking the bucket forever.
Fixescontainers/podman#22034
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Adds a couple of new linters with many new warnings:
- perfsprint (fixed in code, excluded for tests)
- revive (fix the problems, disabled the dot import check as we use it
for ginkgo)
- inamedparam (disabled because it is opinionated)
- testifylint (great linter but we have like 1000+ issues that I have no
time fixing now)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The strict isolate refuses to communicate with non-isolate and isolate.
Signed-off-by: Saigusa Yasushi <56156402+yassi-github@users.noreply.github.com>
Users can now suplly custom network drivers which will execute the
netavark plugin to create the network. Netavark will execute the pluign
to setup/teardown the netns.
see https://github.com/containers/netavark/pull/509
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Remove the code duplication and share some code between the ipvlan and
macvlan config creation.
Also fixes a problem with the macvlan dhcp selection, we have to set the
driver to dhcp if it is unset and no subnets are given.
Ipvlan does not support DHCP because the interfaces share the same mac
address.
Added tests for both the mcvlan dhcp selection and the ipvlan creation.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
With progress on netavark-dhcp-proxy, we can begin to macvlan with dhcp
back into the fold for netavark.
Signed-off-by: Brent Baude <bbaude@redhat.com>
New features in netavark/aardvark allows users to update network dns
servers and all the containers attached to those networks uses updated
resolvers.
Following PR adds support in `libnetwork` to support
* Add support for higher level `NetworkUpdate` API
* Add support for `Update` exec call which can invoke netavark with a
new update option added here: https://github.com/containers/netavark/pull/503
Signed-off-by: Aditya R <arajan@redhat.com>
For now, only add IgnoreIfExists flag.
Having this flag is very useful when using scripts or systemd unit files
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
libnetwork must allow to pass network_dns_servers so aardvark and
netavark can consume it and enabled network scoped dns.
Feature implemented at netavark and aardvark end
* Netavark: https://github.com/containers/netavark/pull/497
Signed-off-by: Aditya R <arajan@redhat.com>
All the gruntwork is done by Netavark, so all that's needed it to
know the key exists and verify that it parses as a uint.
Signed-off-by: Matthew Heon <mheon@redhat.com>
This is not supported in netavark so we should set to false by default
to make sure podman inspect will show the correct info.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
`github.com/pkg/errors` is deprecated since quite some time so we now
use the native error wrapping for more idiomatic golang.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
This only gets the libnetwork part to build - I have not tried to
get the rest of netavark to build on FreeBSD.
Signed-off-by: Doug Rabson <dfr@rabson.org>
unparam and exportloopref already work without changes.
For revive I had to silence many naming issues. I decided to silence them
instead of changing the name because I didn't want to break any code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Those were added by commit 4fcb18dca, but are apparently no longer
needed.
Reported-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
When we create a network with the ipam driver none we should disabled
dns automatically. Since we mange no ips we cannot provide name
resolution anyway.
This fixes a problem I spotted when adding test to the podman CI.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Network create now uses the ipam driver. This allows the user to
configure the ipam driver manually instead of choosing a fixed default.
If the ipam driver is `none` no ips will be assigned to this container.
This means that only the interfaces are created.
This will require a patch in netavark since it rejects the config when
no static ips are provided.
Ref containers/podman#13521
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If we have to write a new configuration file, close the file handle when
we finish writing to it, instead of just letting it pass out of scope.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When we create a bridge network and no subnet is given we will a free
one automatically. The current logic just took the first free /24
network after 10.89.0.0. Now we will instead use the default subnet pool
from containers.conf. The default value is still the same but users can
change it if they want. This also fixes a problem where podman network
create could pick a public ipv4 network when all 10.0.0.0/8 networks
were already used. Now it will error if no free subnet is found in the
subnet pools.
Fixes#930
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
netavark + aardvark support this when we add a gateway ip to the config
so that aardvark can use this address to bind on it.
We only add the gateway when not internal or when dns is enabled. If
internal without dns we do not need the gw address.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When we create a macvlan network we should not check if the subnet is
already in use on the host since this is expected for macvlan networks.
Only bridge networks should use this check.
Fixescontainers/podman#12971
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Copy the libpod/network packages from podman to here so we can use the
same code in buildah as well.
This is mostly a one to one copy only the import paths have been changed
and some errors were added.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Kir Kolyshkin