When we parse CNI config files to convert them into a native Network
struct we should not error unless there is something broken.
The goal is to allow all cni configs to still function but podman
inspect will not be able to show all information such as subnets about
this network.
Because this is a valid use case we only log this at info level.
Fixes containers/podman#12990
Fixes containers/podman#13124
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If we have to write a new configuration file, close the file handle when
we finish writing to it, instead of just letting it pass out of scope.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Move generic warning to netavark/run and warn the user if one or more
networks have `DNSEnabled` and the `aardvark-dns` binary is not set.
Signed-off-by: Aditya R <arajan@redhat.com>
Use appropriate variable when producing warning for missing
aardvark-dns. Current output variable will always be empty when
aardvark-dns is missing.
Closes: https://github.com/containers/podman/issues/13412
Signed-off-by: Aditya R <arajan@redhat.com>
When we have the host-local ipam plugin we can support internal for
macvlan networks. In this case we just do not add the default route.
Since we cannot control this for dhcp we do not support internal there.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In commit 60766b5e5e I forgot to add the field here, without this the
config field from containers.conf is not used in backend.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When we create a bridge network and no subnet is given we will pick a free
one automatically. The current logic just took the first free /24
network after 10.89.0.0. Now we will instead use the default subnet pool
from containers.conf. The default value is still the same but users can
change it if they want. This also fixes a problem where podman network
create could pick a public ipv4 network when all 10.0.0.0/8 networks
were already used. Now it will error if no free subnet is found in the
subnet pools.
Fixes #930
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
NextSubnet() has to work for more than a, b, c class networks. We also
have to increment arbitrary subnets when we add support for a new config
field where users can specify this.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
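The allocation behaviour described in the two commit messages above (pick the first free subnet from the configured pools, increment subnets of any prefix length, and error rather than leave the pools), as an added Go example that is not the project's own code. The names `nextSubnet` and `freeSubnet` and the single shared `size` for all pools are assumptions of this sketch; the networks in `main` are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// nextSubnet returns the network right after s with the same prefix length.
// It works for any prefix length (not only /8, /16, /24) and for IPv4 or IPv6.
func nextSubnet(s *net.IPNet) (*net.IPNet, error) {
	ones, bits := s.Mask.Size()
	ip := s.IP.Mask(s.Mask)            // fresh copy of the network address
	add := byte(1) << (7 - (ones+7)%8) // lowest bit of the network part
	for i := (ones - 1) / 8; ones > 0 && i >= 0; i-- {
		if ip[i] += add; ip[i] >= add { // no byte overflow, nothing to carry
			return &net.IPNet{IP: ip, Mask: net.CIDRMask(ones, bits)}, nil
		}
		add = 1 // carry into the next more significant byte
	}
	return nil, errors.New("address space exhausted")
}

// freeSubnet returns the first /size network inside one of the pools that
// overlaps no used network. It errors instead of leaving the pools.
func freeSubnet(pools []*net.IPNet, size int, used []*net.IPNet) (*net.IPNet, error) {
	for _, p := range pools {
		ones, bits := p.Mask.Size()
		if size < ones || size > bits {
			continue // requested subnet size does not fit inside this pool
		}
		cand := &net.IPNet{IP: p.IP.Mask(p.Mask), Mask: net.CIDRMask(size, bits)}
	next:
		for ; cand != nil && p.Contains(cand.IP); cand, _ = nextSubnet(cand) {
			for _, u := range used {
				if u.Contains(cand.IP) || cand.Contains(u.IP) {
					continue next // overlaps a network that is already in use
				}
			}
			return cand, nil
		}
	}
	return nil, errors.New("no free subnet found in subnet pools")
}

func main() {
	_, pool, _ := net.ParseCIDR("10.89.0.0/16") // constructed sample pool
	_, used, _ := net.ParseCIDR("10.89.0.0/23") // constructed in-use network
	fmt.Println(freeSubnet([]*net.IPNet{pool}, 24, []*net.IPNet{used}))
}
```

Because the candidate is only accepted while the pool still contains it, an exhausted pool produces an error and never a subnet from outside the configured ranges.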
This file should not be tracked in git. To prevent coverprofile from
being added in the future we also add it to gitignore.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Since an internal network has no connectivity to the outside we should
not add a default route. Also make sure to not add the default route
more than once for ipv4/ipv6.
Ref containers/podman#13153
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
netavark + aardvark support this when we add a gateway ip to the config
so that aardvark can use this address to bind on it.
We only add the gateway when not internal or when dns is enabled. If
internal without dns we do not need the gw address.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When we create a macvlan network we should not check if the subnet is
already in use on the host since this is expected for macvlan networks.
Only bridge networks should use this check.
Fixes containers/podman#12971
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Tells netavark if invocation is for `rootful` or `rootless`
containers.
* Pass `tmpfs` based runRoot to netavark so it can write/read configs
from there.
Signed-off-by: Aditya R <arajan@redhat.com>
Since the network namespace is shared for all rootful libpod instances
we also need to make sure to use the same network config dir and run dir
to ensure that we do not use the same subnet or ip for more than one
container.
Also update the documentation about the network_config_dir field.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If the dhcp ipam driver is used podman does not know any subnets so we
cannot verify if the given static ip is in the subnet.
Fixes containers/podman#12762
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It is possible that two processes write at the same time and this could
lead to an invalid value in the file.
I think this fixes a race condition which was observed in the buildah
integration tests.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
While we can store the default network name outside this network
interface it can become out of sync with the interface.
In buildah it can be useful to get the name from the interface.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The HardwareAddr type must be the actual value and not a pointer
otherwise the marshal logic will not use this function. Added a test to
confirm that this works.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We should not use XDG_RUNTIME_DIR for the ipam db. This directory is
shared but we need the ipam db per storage. We can use the runroot for
this. It should be a tmpfs to reset the ipam assignments after a reboot.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If the caller can decide the lockfile path it is just more likely that
there is a lock mismatch due to different lock names. We should always
just use the config dir and use a lock with a static name.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When the network backend is unset in the config we have to figure out
if we need CNI or netavark. New installs should use netavark while
existing installs should continue to use CNI to prevent breaking
systems.
We use the following conditions to determine what backend to use:
1. read ${graphroot}/defaultNetworkBackend
2. find netavark binary (if not installed use CNI)
3. check containers, images and CNI networks and if there are some
we have an existing install and should continue to use CNI
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Copy the libpod/network packages from podman to here so we can use the
same code in buildah as well.
This is mostly a one to one copy; only the import paths have been changed
and some errors were added.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>