Merge pull request #16817 from Luap99/no-CNI

libpod: remove CNI word where no longer applicable
OpenShift Merge Robot 2022-12-16 11:50:07 -05:00 committed by GitHub
commit fd7049b187
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 62 additions and 67 deletions


@ -57,10 +57,13 @@ type BoltState struct {
// operations.
// - execBkt: Map of exec session ID to container ID - used for resolving
// exec session IDs to the containers that hold the exec session.
// - aliasesBkt - Contains a bucket for each CNI network, which contain a map of
// network alias (an extra name for containers in DNS) to the ID of the
// container holding the alias. Aliases must be unique per-network, and cannot
// conflict with names registered in nameRegistryBkt.
// - networksBkt: Contains all network names as key with their options json
// encoded as value.
// - aliasesBkt - Deprecated, use the networksBkt. Used to contain a bucket
// for each CNI network which contain a map of network alias (an extra name
// for containers in DNS) to the ID of the container holding the alias.
// Aliases must be unique per-network, and cannot conflict with names
// registered in nameRegistryBkt.
// - runtimeConfigBkt: Contains configuration of the libpod instance that
// initially created the database. This must match for any further instances
// that access the database, to ensure that state mismatches with
@ -1056,7 +1059,7 @@ func (s *BoltState) AllContainers() ([]*Container, error) {
return ctrs, nil
}
// GetNetworks returns the CNI networks this container is a part of.
// GetNetworks returns the networks this container is a part of.
func (s *BoltState) GetNetworks(ctr *Container) (map[string]types.PerNetworkOptions, error) {
if !s.valid {
return nil, define.ErrDBClosed
@ -1346,11 +1349,11 @@ func (s *BoltState) NetworkDisconnect(ctr *Container, network string) error {
ctrAliasesBkt := dbCtr.Bucket(aliasesBkt)
ctrNetworksBkt := dbCtr.Bucket(networksBkt)
if ctrNetworksBkt == nil {
return fmt.Errorf("container %s is not connected to any CNI networks, so cannot disconnect: %w", ctr.ID(), define.ErrNoSuchNetwork)
return fmt.Errorf("container %s is not connected to any networks, so cannot disconnect: %w", ctr.ID(), define.ErrNoSuchNetwork)
}
netConnected := ctrNetworksBkt.Get([]byte(network))
if netConnected == nil {
return fmt.Errorf("container %s is not connected to CNI network %q: %w", ctr.ID(), network, define.ErrNoSuchNetwork)
return fmt.Errorf("container %s is not connected to network %q: %w", ctr.ID(), network, define.ErrNoSuchNetwork)
}
if err := ctrNetworksBkt.Delete([]byte(network)); err != nil {
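Review bot: The updated bucket list marks aliasesBkt as deprecated in favour of networksBkt, but the NetworkDisconnect hunk still opens `ctrAliasesBkt := dbCtr.Bucket(aliasesBkt)` with nothing explaining why a deprecated bucket is read. If it is kept only to clean up entries written by older versions (the rest of the function is outside the hunk, so this is an assumption), a comment such as `// aliasesBkt is deprecated; opened only to remove entries left by older databases` above that line would say so. In the new list entry, `aliasesBkt -` uses a dash where the neighbouring entries use a colon, and "which contain" should read "which contains".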


@ -1251,12 +1251,7 @@ func (c *Container) Secrets() []*ContainerSecret {
// Networks gets all the networks this container is connected to.
// Please do NOT use ctr.config.Networks, as this can be changed from those
// values at runtime via network connect and disconnect.
// If the container is configured to use CNI and this function returns an empty
// array, the container will still be connected to the default network.
// The second return parameter, a bool, indicates that the container
// is joining the default CNI network - the network name will be included in the
// returned array of network names, but the container did not explicitly join
// this network.
// Returned array of network names or error.
func (c *Container) Networks() ([]string, error) {
if !c.batched {
c.lock.Lock()
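Review bot: The rewritten doc comment on Networks() ends in a fragment, `// Returned array of network names or error.`, and no longer tells callers whether the default network is included when the container did not join one explicitly. The removed lines described a second bool return that the signature `([]string, error)` does not have, so dropping them is right, but the default-network behaviour they described was the only contract documented here. I would write `// It returns the names of the networks the container is currently connected to.` and, if it still applies, one sentence on whether the default network is listed. The function body continues outside the hunk.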


@ -24,7 +24,7 @@ type ContainerConfig struct {
// in when the container is created, but it is not the final spec used
// to run the container - it will be modified by Libpod to add things we
// manage (e.g. bind mounts for /etc/resolv.conf, named volumes, a
// network namespace prepared by CNI or slirp4netns) in the
// network namespace prepared by the network backend) in the
// generateSpec() function.
Spec *spec.Spec `json:"spec"`


@ -552,7 +552,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
hostConfig.NetworkMode = networkMode
// Port bindings.
// Only populate if we're using CNI to configure the network.
// Only populate if we are creating the network namespace to configure the network.
if c.config.CreateNetNS {
hostConfig.PortBindings = makeInspectPortBindings(c.config.PortMappings)
} else {


@ -984,7 +984,7 @@ func (c *Container) completeNetworkSetup() error {
return err
}
state := c.state
// collect any dns servers that cni tells us to use (dnsname)
// collect any dns servers that the network backend tells us to use
for _, status := range c.getNetworkStatus() {
for _, server := range status.DNSServerIPs {
nameservers = append(nameservers, server.String())


@ -82,7 +82,7 @@ func (c *Container) validate() error {
return fmt.Errorf("cannot set static IP or MAC address if not creating a network namespace: %w", define.ErrInvalidArg)
}
// Cannot set static IP or MAC if joining >1 CNI network.
// Cannot set static IP or MAC if joining >1 network.
if len(c.config.Networks) > 1 && (c.config.StaticIP != nil || c.config.StaticMAC != nil) {
return fmt.Errorf("cannot set static IP or MAC address if joining more than one network: %w", define.ErrInvalidArg)
}


@ -606,7 +606,7 @@ type InspectBasicNetworkConfig struct {
AdditionalMacAddresses []string `json:"AdditionalMACAddresses,omitempty"`
}
// InspectAdditionalNetwork holds information about non-default CNI networks the
// InspectAdditionalNetwork holds information about non-default networks the
// container has been connected to.
// As with InspectNetworkSettings, many fields are unused and maintained only
// for compatibility with Docker.
@ -642,7 +642,7 @@ type InspectNetworkSettings struct {
LinkLocalIPv6PrefixLen int `json:"LinkLocalIPv6PrefixLen"`
Ports map[string][]InspectHostPort `json:"Ports"`
SandboxKey string `json:"SandboxKey"`
// Networks contains information on non-default CNI networks this
// Networks contains information on non-default networks this
// container has joined.
// It is a map of network name to network information.
Networks map[string]*InspectAdditionalNetwork `json:"Networks,omitempty"`


@ -120,7 +120,7 @@ type InspectPodInfraConfig struct {
// HostAdd adds a number of hosts to the infra container's resolv.conf
// which will be shared with the rest of the pod.
HostAdd []string
// Networks is a list of CNI networks the pod will join.
// Networks is a list of networks the pod will join.
Networks []string
// NetworkOptions are additional options for each network
NetworkOptions map[string][]string


@ -41,7 +41,7 @@ func (c *Container) convertPortMappings() []types.PortMapping {
func (c *Container) getNetworkOptions(networkOpts map[string]types.PerNetworkOptions) types.NetworkOptions {
opts := types.NetworkOptions{
ContainerID: c.config.ID,
ContainerName: getCNIPodName(c),
ContainerName: getNetworkPodName(c),
}
opts.PortMappings = c.convertPortMappings()
@ -78,9 +78,9 @@ func (r *Runtime) setUpNetwork(ns string, opts types.NetworkOptions) (map[string
return results, err
}
// getCNIPodName return the pod name (hostname) used by CNI and the dnsname plugin.
// getNetworkPodName return the pod name (hostname) used by dns backend.
// If we are in the pod network namespace use the pod name otherwise the container name
func getCNIPodName(c *Container) string {
func getNetworkPodName(c *Container) string {
if c.config.NetMode.IsPod() || c.IsInfra() {
pod, err := c.runtime.state.Pod(c.PodID())
if err == nil {
@ -92,7 +92,7 @@ func getCNIPodName(c *Container) string {
// Tear down a container's network configuration and joins the
// rootless net ns as rootless user
func (r *Runtime) teardownNetwork(ns string, opts types.NetworkOptions) error {
func (r *Runtime) teardownNetworkBackend(ns string, opts types.NetworkOptions) error {
rootlessNetNS, err := r.GetRootlessNetNs(false)
if err != nil {
return err
@ -106,7 +106,7 @@ func (r *Runtime) teardownNetwork(ns string, opts types.NetworkOptions) error {
// rootlessNetNS is nil if we are root
if rootlessNetNS != nil {
// execute the cni setup in the rootless net ns
// execute the network setup in the rootless net ns
err = rootlessNetNS.Do(tearDownPod)
if cerr := rootlessNetNS.Cleanup(r); cerr != nil {
logrus.WithError(err).Error("failed to clean up rootless netns")
@ -118,9 +118,9 @@ func (r *Runtime) teardownNetwork(ns string, opts types.NetworkOptions) error {
return err
}
// Tear down a container's CNI network configuration, but do not tear down the
// Tear down a container's network backend configuration, but do not tear down the
// namespace itself.
func (r *Runtime) teardownCNI(ctr *Container) error {
func (r *Runtime) teardownNetwork(ctr *Container) error {
if ctr.state.NetNS == nil {
// The container has no network namespace, we're set
return nil
@ -136,7 +136,7 @@ func (r *Runtime) teardownCNI(ctr *Container) error {
if !ctr.config.NetMode.IsSlirp4netns() &&
!ctr.config.NetMode.IsPasta() && len(networks) > 0 {
netOpts := ctr.getNetworkOptions(networks)
return r.teardownNetwork(ctr.state.NetNS.Path(), netOpts)
return r.teardownNetworkBackend(ctr.state.NetNS.Path(), netOpts)
}
return nil
}
@ -154,10 +154,8 @@ func isBridgeNetMode(n namespaces.NetworkMode) error {
// It will tear down, and then reconfigure, the network of the container.
// This is mainly used when a reload of firewall rules wipes out existing
// firewall configuration.
// Efforts will be made to preserve MAC and IP addresses, but this only works if
// the container only joined a single CNI network, and was only assigned a
// single MAC or IP.
// Only works on root containers at present, though in the future we could
// Efforts will be made to preserve MAC and IP addresses.
// Only works on containers with bridge networking at present, though in the future we could
// extend this to stop + restart slirp4netns
func (r *Runtime) reloadContainerNetwork(ctr *Container) (map[string]types.StatusBlock, error) {
if ctr.state.NetNS == nil {
@ -168,9 +166,9 @@ func (r *Runtime) reloadContainerNetwork(ctr *Container) (map[string]types.Statu
}
logrus.Infof("Going to reload container %s network", ctr.ID())
err := r.teardownCNI(ctr)
err := r.teardownNetwork(ctr)
if err != nil {
// teardownCNI will error if the iptables rules do not exists and this is the case after
// teardownNetwork will error if the iptables rules do not exists and this is the case after
// a firewall reload. The purpose of network reload is to recreate the rules if they do
// not exists so we should not log this specific error as error. This would confuse users otherwise.
// iptables-legacy and iptables-nft will create different errors make sure to match both.
@ -248,7 +246,7 @@ func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, e
}
// We can't do more if the network is down.
// We still want to make dummy configurations for each CNI net
// We still want to make dummy configurations for each network
// the container joined.
if len(networks) > 0 {
settings.Networks = make(map[string]*define.InspectAdditionalNetwork, len(networks))
@ -370,7 +368,7 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro
}
// check if network exists and if the input is a ID we get the name
// CNI only uses names so it is important that we only use the name
// CNI and netavark and the libpod db only uses names so it is important that we only use the name
netName, err = c.runtime.normalizeNetworkName(netName)
if err != nil {
return err
@ -402,14 +400,14 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro
opts := types.NetworkOptions{
ContainerID: c.config.ID,
ContainerName: getCNIPodName(c),
ContainerName: getNetworkPodName(c),
}
opts.PortMappings = c.convertPortMappings()
opts.Networks = map[string]types.PerNetworkOptions{
netName: networks[netName],
}
if err := c.runtime.teardownNetwork(c.state.NetNS.Path(), opts); err != nil {
if err := c.runtime.teardownNetworkBackend(c.state.NetNS.Path(), opts); err != nil {
return err
}
@ -470,7 +468,7 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro
// ConnectNetwork connects a container to a given network
func (c *Container) NetworkConnect(nameOrID, netName string, netOpts types.PerNetworkOptions) error {
// only the bridge mode supports cni networks
// only the bridge mode supports networks
if err := isBridgeNetMode(c.config.NetMode); err != nil {
return err
}
@ -484,7 +482,7 @@ func (c *Container) NetworkConnect(nameOrID, netName string, netOpts types.PerNe
}
// check if network exists and if the input is a ID we get the name
// CNI only uses names so it is important that we only use the name
// CNI and netavark and the libpod db only uses names so it is important that we only use the name
netName, err = c.runtime.normalizeNetworkName(netName)
if err != nil {
return err
@ -525,7 +523,7 @@ func (c *Container) NetworkConnect(nameOrID, netName string, netOpts types.PerNe
opts := types.NetworkOptions{
ContainerID: c.config.ID,
ContainerName: getCNIPodName(c),
ContainerName: getNetworkPodName(c),
}
opts.PortMappings = c.convertPortMappings()
opts.Networks = map[string]types.PerNetworkOptions{
@ -626,7 +624,7 @@ func getFreeInterfaceName(networks map[string]types.PerNetworkOptions) string {
return ""
}
// DisconnectContainerFromNetwork removes a container from its CNI network
// DisconnectContainerFromNetwork removes a container from its network
func (r *Runtime) DisconnectContainerFromNetwork(nameOrID, netName string, force bool) error {
ctr, err := r.LookupContainer(nameOrID)
if err != nil {
@ -635,7 +633,7 @@ func (r *Runtime) DisconnectContainerFromNetwork(nameOrID, netName string, force
return ctr.NetworkDisconnect(nameOrID, netName, force)
}
// ConnectContainerToNetwork connects a container to a CNI network
// ConnectContainerToNetwork connects a container to a network
func (r *Runtime) ConnectContainerToNetwork(nameOrID, netName string, netOpts types.PerNetworkOptions) error {
ctr, err := r.LookupContainer(nameOrID)
if err != nil {
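Review bot: In teardownNetworkBackend the cleanup failure is logged with the wrong variable: the branch tests `cerr` from `rootlessNetNS.Cleanup(r)` but calls `logrus.WithError(err)`, so when `Do(tearDownPod)` succeeded the log line carries a nil error and the real cause of the failed rootless netns cleanup is lost. The commit only touches the comment above it; the line should be `logrus.WithError(cerr).Error("failed to clean up rootless netns")`. That reworded comment now says "execute the network setup in the rootless net ns" inside a teardown function, so `// execute the network teardown in the rootless net ns` would match what the code does. Separately, this section reuses the name teardownNetwork for what was teardownCNI, with a different parameter list, which is worth a mention in the commit message for anyone carrying patches against the old names.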


@ -85,7 +85,7 @@ func (r *RootlessNetNS) getPath(path string) string {
// Do - run the given function in the rootless netns.
// It does not lock the rootlessCNI lock, the caller
// should only lock when needed, e.g. for cni operations.
// should only lock when needed, e.g. for network operations.
func (r *RootlessNetNS) Do(toRun func() error) error {
return errors.New("not supported on freebsd")
}
@ -192,7 +192,7 @@ func (r *Runtime) teardownNetNS(ctr *Container) error {
// do not return an error otherwise we would prevent network cleanup
logrus.Errorf("failed to free gvproxy machine ports: %v", err)
}
if err := r.teardownCNI(ctr); err != nil {
if err := r.teardownNetwork(ctr); err != nil {
return err
}
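Review bot: The doc comment on RootlessNetNS.Do is only half updated: the second line still reads `It does not lock the rootlessCNI lock` while the following line was changed from "cni operations" to "network operations". Another hunk of this commit renames the same lock to "rootless netns lock" in the Cleanup comment, so unless rootlessCNI is still the name of the lock in code not shown here, the line should read `// It does not lock the rootless netns lock, the caller`. The same leftover is in the Do comments of the next two file sections (the one whose Do calls `r.ns.Do` and the "not implemented" stub). The comment matters to callers because it is the only statement of who is responsible for taking the lock.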


@ -63,7 +63,7 @@ func (r *RootlessNetNS) getPath(path string) string {
// Do - run the given function in the rootless netns.
// It does not lock the rootlessCNI lock, the caller
// should only lock when needed, e.g. for cni operations.
// should only lock when needed, e.g. for network operations.
func (r *RootlessNetNS) Do(toRun func() error) error {
err := r.ns.Do(func(_ ns.NetNS) error {
// Before we can run the given function,
@ -269,7 +269,7 @@ func (r *RootlessNetNS) Cleanup(runtime *Runtime) error {
// at this stage the container is already locked.
// also do not try to lock only containers which are not currently in net
// teardown because this will result in an ABBA deadlock between the rootless
// cni lock and the container lock
// rootless netns lock and the container lock
// because we need to get the state we have to sync otherwise this will not
// work because the state is empty by default
// I do not like this but I do not see a better way at moment
@ -702,7 +702,7 @@ func (r *Runtime) teardownNetNS(ctr *Container) error {
// Do not check the error here, we want to always umount the netns
// This will ensure that the container interface will be deleted
// even when there is a CNI or netavark bug.
prevErr := r.teardownCNI(ctr)
prevErr := r.teardownNetwork(ctr)
// First unmount the namespace
if err := netns.UnmountNS(ctr.state.NetNS.Path()); err != nil {


@ -42,12 +42,12 @@ func (r *Runtime) normalizeNetworkName(nameOrID string) (string, error) {
return "", errors.New("not implemented (*Runtime) normalizeNetworkName")
}
// DisconnectContainerFromNetwork removes a container from its CNI network
// DisconnectContainerFromNetwork removes a container from its network
func (r *Runtime) DisconnectContainerFromNetwork(nameOrID, netName string, force bool) error {
return errors.New("not implemented (*Runtime) DisconnectContainerFromNetwork")
}
// ConnectContainerToNetwork connects a container to a CNI network
// ConnectContainerToNetwork connects a container to a network
func (r *Runtime) ConnectContainerToNetwork(nameOrID, netName string, netOpts types.PerNetworkOptions) error {
return errors.New("not implemented (*Runtime) ConnectContainerToNetwork")
}
@ -59,7 +59,7 @@ func (r *RootlessNetNS) getPath(path string) string {
// Do - run the given function in the rootless netns.
// It does not lock the rootlessCNI lock, the caller
// should only lock when needed, e.g. for cni operations.
// should only lock when needed, e.g. for network operations.
func (r *RootlessNetNS) Do(toRun func() error) error {
return errors.New("not implemented (*RootlessNetNS) Do")
}


@ -374,8 +374,8 @@ func WithNoPivotRoot() RuntimeOption {
}
}
// WithCNIConfigDir sets the CNI configuration directory.
func WithCNIConfigDir(dir string) RuntimeOption {
// WithNetworkConfigDir sets the network configuration directory.
func WithNetworkConfigDir(dir string) RuntimeOption {
return func(rt *Runtime) error {
if rt.valid {
return define.ErrRuntimeFinalized


@ -181,7 +181,7 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error {
// tags:
// - networks (compat)
// summary: Delete unused networks
// description: Remove CNI networks that do not have containers
// description: Remove networks that do not have containers
// produces:
// - application/json
// parameters:
@ -213,7 +213,7 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error {
// tags:
// - networks
// summary: Remove a network
// description: Remove a CNI configured network
// description: Remove a configured network
// parameters:
// - in: path
// name: name
@ -289,8 +289,7 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error {
// - networks
// summary: Inspect a network
// description: |
// Display low level configuration for a CNI network.
// - In a 200 response, all of the fields named Bytes are returned as a Base64 encoded string.
// Display configuration for a network.
// parameters:
// - in: path
// name: name
@ -391,7 +390,7 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error {
// tags:
// - networks
// summary: Delete unused networks
// description: Remove CNI networks that do not have containers
// description: Remove networks that do not have containers
// produces:
// - application/json
// parameters:


@ -12,7 +12,7 @@ import (
jsoniter "github.com/json-iterator/go"
)
// Create makes a new CNI network configuration
// Create makes a new network configuration
func Create(ctx context.Context, network *types.Network) (types.Network, error) {
return CreateWithOptions(ctx, network, nil)
}
@ -50,7 +50,7 @@ func CreateWithOptions(ctx context.Context, network *types.Network, extraCreateO
return report, response.Process(&report)
}
// Inspect returns low level information about a CNI network configuration
// Inspect returns information about a network configuration
func Inspect(ctx context.Context, nameOrID string, _ *InspectOptions) (types.Network, error) {
var net types.Network
conn, err := bindings.GetClient(ctx)
@ -66,7 +66,7 @@ func Inspect(ctx context.Context, nameOrID string, _ *InspectOptions) (types.Net
return net, response.Process(&net)
}
// Remove deletes a defined CNI network configuration by name. The optional force boolean
// Remove deletes a defined network configuration by name. The optional force boolean
// will remove all containers associated with the network when set to true. A slice
// of NetworkRemoveReports are returned.
func Remove(ctx context.Context, nameOrID string, options *RemoveOptions) ([]*entities.NetworkRmReport, error) {
@ -91,7 +91,7 @@ func Remove(ctx context.Context, nameOrID string, options *RemoveOptions) ([]*en
return reports, response.Process(&reports)
}
// List returns a summary of all CNI network configurations
// List returns a summary of all network configurations
func List(ctx context.Context, options *ListOptions) ([]types.Network, error) {
var netList []types.Network
if options == nil {
@ -192,7 +192,7 @@ func Exists(ctx context.Context, nameOrID string, options *ExistsOptions) (bool,
return response.IsSuccess(), nil
}
// Prune removes unused CNI networks
// Prune removes unused networks
func Prune(ctx context.Context, options *PruneOptions) ([]*entities.NetworkPruneReport, error) {
if options == nil {
options = new(PruneOptions)


@ -76,7 +76,7 @@ type ExistsOptions struct {
}
// PruneOptions are optional options for removing unused
// CNI networks
// networks
//
//go:generate go run ../generator/generator.go PruneOptions
type PruneOptions struct {


@ -253,7 +253,7 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo
// TODO flag to set libpod tmp dir?
if fs.Changed("network-config-dir") {
options = append(options, libpod.WithCNIConfigDir(cfg.ContainersConf.Network.NetworkConfigDir))
options = append(options, libpod.WithNetworkConfigDir(cfg.ContainersConf.Network.NetworkConfigDir))
}
if fs.Changed("default-mounts-file") {
options = append(options, libpod.WithDefaultMountsFile(cfg.ContainersConf.Containers.DefaultMountsFile))


@ -334,7 +334,7 @@ Delegate=memory pids cpu io
},
})
// Set containers.conf up for core user to use cni networks
// Set containers.conf up for core user to use networks
// by default
files = append(files, File{
Node: Node{


@ -44,7 +44,7 @@ const (
// be joined. loopback should still exist.
// Only used with the network namespace, invalid otherwise.
NoNetwork NamespaceMode = "none"
// Bridge indicates that a CNI network stack
// Bridge indicates that the network backend (CNI/netavark)
// should be used.
// Only used with the network namespace, invalid otherwise.
Bridge NamespaceMode = "bridge"