instead of using the --macvlan to indicate that you want to make a
macvlan network, podman network create now honors the driver name of
*macvlan*. Any options to macvlan, like the parent device, should be
specified as a -o option. For example, -o parent=eth0.
the --macvlan option was marked as deprecated in the man page but is
still supported for the duration of 3.0.
Signed-off-by: baude <bbaude@redhat.com>
when doing a network creation, the dnsname plugin should be disabled
when the --internal bool is set. a warning is displayed if this
happens and docs are updated.
Signed-off-by: baude <bbaude@redhat.com>
Commit(fe3faa517e) introduced a lock file for network create/rm calls.
There is a problem with the location of the lock file. The lock file was
stored in the tmpdir. Running multiple podman network create/remove
commands in parallel with different tmpdirs made the lockfile inaccessible
to the other process, and so parallel read/write operations to the cni
config directory continued to occur. This scenario happened frequently
during the e2e tests and caused some flakes.
Fixes#9041
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
`staticcheck` is a golang code analysis tool. https://staticcheck.io/
This commit fixes a lot of problems found in our code. Common problems are:
- unnecessary use of fmt.Sprintf
- duplicated imports with different names
- unnecessary check that a key exists before a delete call
There are still a lot of reported problems in the test files but I have
not looked at those.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
`podman network create` should always add a gateway to the cni config.
If no gateway is given use the first ip in the subnet. CNI does not require
the gateway field but we need it because of network inspect.
This worked with previous version but was dropped in Commit(e7a72d72fd).
Fixes#8748
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The network ID is not stored. It is just the sha256 hash from
the network name. There is a risk of a potential hash collision.
However it's very unlikely and even if we hit this it will
complain that more than network with this ID exists.
The main benefit is that the compat api can have proper
network ID support. Also this adds the support for
`podman network ls --format "{{.ID}}"` and `--filter id=<ID>`.
It also ensures that we can do network rm <ID> and network
inspect <ID>.
Since we use a hash this commit is backwards compatible even for
already existing networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Add label support for podman network create. Use the `args`
field in the cni config file to store the podman labels.
Use `podman_labels` as key name and store the labels as
map[string]string.
For reference: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-confighttps://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration
Example snippet:
```
...
"args": {
"podman_labels": {
"key1":"value1",
"key2":"value2"
}
}
...
```
Make podman network list support several filters. Supported filters are name,
plugin, driver and label. Filters with different keys work exclusive. Several label
filters work exclusive and the other filter keys are working inclusive.
Also adjust the compat api to support labels in network create and list.
Breaking changes:
- podman network ls -f shortform is used for --filter instead --format
This matches docker and other podman commands (container ps, volume ps)
- libpod network list endpoint filter parameter is removed. Instead the
filters paramter should be used as json encoded map[string][]string.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
First, make sure we are only trying to remove the network
interface if we are root.
Second, if we cannot get the interface name (e.g macvlan config)
then we should not fail. Just remove the config file.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The cni plugin `tuning` is required to set a custom mac address.
This plugin is configured in the default cni config file which is
packaged with podman but was not included the generated config form
`podman network create`.
Fixes#8385
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The `LastIPInSubnet` function worked only for classful subnet
masks (e.g. /8, /16, /24). For non standard subnet masks this
returned the wrong ip address.
This works now for all subnet mask. A unit test is added to
ensure this.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
this enables the ability to connect and disconnect a container from a
given network. it is only for the compatibility layer. some code had to
be refactored to avoid circular imports.
additionally, tests are being deferred temporarily due to some
incompatibility/bug in either docker-py or our stack.
Signed-off-by: baude <bbaude@redhat.com>
enable the ipv6 flag in podman network to be able to create
dual-stack networks for containers.
This is required to be compatible with docker, where --ipv6
really means dual stack.
podman, unlike docker, support IPv6 only containers since
07e3f1bba9.
Signed-off-by: Antonio Ojea <aojea@redhat.com>
podman can now support adding network aliases when running containers
(--network-alias). It requires an updated dnsname plugin as well as an
updated ocicni to work properly.
Signed-off-by: baude <bbaude@redhat.com>
The rootless-cni-infra container always has the dnsname
plugin installed. It makes no sense to check if it is
present on the host.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
due to a lack of "locking" on cni operations, we could get ourselves in trouble when doing rapid creation or removal of networks. added a simple file lock to deal with the collision and because it is not considered a performent path, use of the file lock should be ok. if proven otherwise in the future, some generic shared memory lock should be implemented for libpod and also used here.
moved pkog/network to libpod/network because libpod is now being pulled into the package and it has therefore lost its generic nature. this will make it easier to absorb into libpod as we try to make the network closer to core operations.
Fixes: #7807
Signed-off-by: baude <bbaude@redhat.com>
baude
Paul Holzinger
Josh Soref
Anders F Björklund
OpenShift Merge Robot
Antonio Ojea