Merge pull request #10182 from baude/machineCNI

Detect if in podman machine virtual vm

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/containernetworking/cni v0.8.1
 	github.com/containernetworking/plugins v0.9.1
 	github.com/containers/buildah v1.20.1-0.20210402144408-36a37402d0c8
-	github.com/containers/common v0.37.0
+	github.com/containers/common v0.37.1
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/image/v5 v5.11.1
 	github.com/containers/ocicrypt v1.1.1

go.sum

@@ -195,8 +195,8 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD
 github.com/containers/buildah v1.20.1-0.20210402144408-36a37402d0c8 h1:RlqbDlfE3+qrq4bNTZG7NVPqCDzfZrgE/yicu0VAykQ=
 github.com/containers/buildah v1.20.1-0.20210402144408-36a37402d0c8/go.mod h1:iowyscoAC5jwNDhs3c5CLGdBZ9FJk5UOoN2I5TdmXFs=
 github.com/containers/common v0.35.4/go.mod h1:rMzxgD7nMGw++cEbsp+NZv0UJO4rgXbm7F7IbJPTwIE=
-github.com/containers/common v0.37.0 h1:RRyR8FITTJXfrF7J9KXKSplywY4zsXoA2kuQXMaUaNo=
-github.com/containers/common v0.37.0/go.mod h1:dgbJcccCPTmncqxhma56+XW+6d5VzqGF6jtkMHyu3v0=
+github.com/containers/common v0.37.1 h1:V71FK6k2KsNgcNtspGlrdCaKrSml/SO6bKmJdWjSnaY=
+github.com/containers/common v0.37.1/go.mod h1:ONPdpc69oQG9e75v/eBzzAReuv0we5NcGdEzK4meDv4=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/image/v5 v5.10.5/go.mod h1:SgIbWEedCNBbn2FI5cH0/jed1Ecy2s8XK5zTxvJTzII=
@@ -216,7 +216,6 @@ github.com/containers/storage v1.24.8/go.mod h1:YC+2pY8SkfEAcZkwycxYbpK8EiRbx5so
 github.com/containers/storage v1.28.0/go.mod h1:ixAwO7Bj31cigqPEG7aCz+PYmxkDxbIFdUFioYdxbzI=
 github.com/containers/storage v1.28.1/go.mod h1:5bwiMh2LkrN3AWIfDFMH7A/xbVNLcve+oeXYvHvW8cc=
 github.com/containers/storage v1.29.0/go.mod h1:u84RU4CCufGeJBNTRNwMB+FoE+AiFeFw4SsMoqAOeCM=
-github.com/containers/storage v1.30.0/go.mod h1:M/xn0pg6ReYFrLtWl5YELI/a4Xjq+Z3e5GJxQrJCcDI=
 github.com/containers/storage v1.30.1 h1:+87sZDoUp0uNsP45dWypHTWTEoy0eNDgFYjTU1XIRVQ=
 github.com/containers/storage v1.30.1/go.mod h1:NDJkiwxnSHD1Is+4DGcyR3SIEYSDOa0xnAW+uGQFx9E=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
@@ -505,7 +504,6 @@ github.com/klauspost/compress v1.11.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs
 github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.11.12/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.12.1/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.12.2 h1:2KCfW3I9M7nSc5wOqXAlW2v2U6v+w6cbjvbfp+OykW8=
 github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=

libpod/network/config.go

@@ -149,7 +149,18 @@ type DNSNameConfig struct {
 	Capabilities map[string]bool `json:"capabilities"`
 }
 
+//  PodmanMachineConfig enables port handling on the host OS
+type PodmanMachineConfig struct {
+	PluginType   string          `json:"type"`
+	Capabilities map[string]bool `json:"capabilities"`
+}
+
 // Bytes outputs the configuration as []byte
 func (d DNSNameConfig) Bytes() ([]byte, error) {
 	return json.MarshalIndent(d, "", "\t")
 }
+
+// Bytes outputs the configuration as []byte
+func (p PodmanMachineConfig) Bytes() ([]byte, error) {
+	return json.MarshalIndent(p, "", "\t")
+}

libpod/network/create.go

@@ -231,6 +231,10 @@ func createBridge(name string, options entities.NetworkCreateOptions, runtimeCon
 			plugins = append(plugins, NewDNSNamePlugin(DefaultPodmanDomainName))
 		}
 	}
+	// Add the podman-machine CNI plugin if we are in a machine
+	if runtimeConfig.MachineEnabled() { // check if we are in a machine vm
+		plugins = append(plugins, NewPodmanMachinePlugin())
+	}
 	ncList["plugins"] = plugins
 	b, err := json.MarshalIndent(ncList, "", "   ")
 	if err != nil {

libpod/network/netconflist.go

@@ -293,3 +293,12 @@ func getCreatedTimestamp(config *config.Config, netconf *libcni.NetworkConfigLis
 	created := time.Unix(int64(stat.Ctim.Sec), int64(stat.Ctim.Nsec)) // nolint: unconvert
 	return &created, nil
 }
+
+func NewPodmanMachinePlugin() PodmanMachineConfig {
+	caps := make(map[string]bool, 1)
+	caps["portMappings"] = true
+	return PodmanMachineConfig{
+		PluginType:   "podman-machine",
+		Capabilities: caps,
+	}
+}

vendor/github.com/containers/common/pkg/config/config.go

@@ -263,6 +263,9 @@ type EngineConfig struct {
 	// LockType is the type of locking to use.
 	LockType string `toml:"lock_type,omitempty"`
 
+	// MachineEnabled indicates if Podman is running in a podman-machine VM
+	MachineEnabled bool `toml:"machine_enabled,omitempty"`
+
 	// MultiImageArchive - if true, the container engine allows for storing
 	// archives (e.g., of the docker-archive transport) with multiple
 	// images.  By default, Podman creates single-image archives.

vendor/github.com/containers/common/pkg/config/containers.conf

@@ -336,6 +336,11 @@ default_sysctls = [
 #
 # lock_type** = "shm"
 
+# Indicates if Podman is running inside a VM via Podman Machine.
+# Podman uses this value to do extra setup around networking from the
+# container inside the VM to to host.
+# machine_enabled=false
+
 # MultiImageArchive - if true, the container engine allows for storing archives
 # (e.g., of the docker-archive transport) with multiple images.  By default,
 # Podman creates single-image archives.
@@ -403,7 +408,7 @@ default_sysctls = [
 # List of the OCI runtimes that support --format=json.  When json is supported
 # engine will use it for reporting nicer errors.
 #
-# runtime_supports_json = ["crun", "runc", "kata"]
+# runtime_supports_json = ["crun", "runc", "kata", "runsc"]
 
 # List of the OCI runtimes that supports running containers without cgroups.
 #
@@ -432,7 +437,7 @@ default_sysctls = [
 #     Path to file containing ssh identity key
 #     identity = "~/.ssh/id_rsa"
 
-# Paths to look for a valid OCI runtime (crun, runc, kata, etc)
+# Paths to look for a valid OCI runtime (crun, runc, kata, runsc, etc)
 [engine.runtimes]
 # crun = [
 #            "/usr/bin/crun",
@@ -465,6 +470,16 @@ default_sysctls = [
 #            "/usr/bin/kata-fc",
 # ]
 
+# runsc = [
+#            "/usr/bin/runsc",
+#            "/usr/sbin/runsc",
+#            "/usr/local/bin/runsc",
+#            "/usr/local/sbin/runsc",
+#            "/bin/runsc",
+#            "/sbin/runsc",
+#            "/run/current-system/sw/bin/runsc",
+# ]
+
 [engine.volume_plugins]
 # testplugin = "/run/podman/plugins/test.sock"
 

vendor/github.com/containers/common/pkg/config/default.go

@@ -278,6 +278,15 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 			"/usr/bin/kata-qemu",
 			"/usr/bin/kata-fc",
 		},
+		"runsc": {
+			"/usr/bin/runsc",
+			"/usr/sbin/runsc",
+			"/usr/local/bin/runsc",
+			"/usr/local/sbin/runsc",
+			"/bin/runsc",
+			"/sbin/runsc",
+			"/run/current-system/sw/bin/runsc",
+		},
 	}
 	// Needs to be called after populating c.OCIRuntimes
 	c.OCIRuntime = c.findRuntime()
@@ -299,6 +308,8 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 	c.RuntimeSupportsJSON = []string{
 		"crun",
 		"runc",
+		"kata",
+		"runsc",
 	}
 	c.RuntimeSupportsNoCgroups = []string{"crun"}
 	c.RuntimeSupportsKVM = []string{"kata", "kata-runtime", "kata-qemu", "kata-fc"}
@@ -314,6 +325,7 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 	// TODO - ideally we should expose a `type LockType string` along with
 	// constants.
 	c.LockType = "shm"
+	c.MachineEnabled = false
 
 	return c, nil
 }
@@ -524,3 +536,7 @@ func (c *Config) Umask() string {
 func (c *Config) LogDriver() string {
 	return c.Containers.LogDriver
 }
+
+func (c *Config) MachineEnabled() bool {
+	return c.Engine.MachineEnabled
+}

vendor/github.com/containers/common/version/version.go

@@ -1,4 +1,4 @@
 package version
 
 // Version is the version of the build.
-const Version = "0.37.0"
+const Version = "0.37.1"

vendor/modules.txt

@@ -96,7 +96,7 @@ github.com/containers/buildah/pkg/parse
 github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/pkg/supplemented
 github.com/containers/buildah/util
-# github.com/containers/common v0.37.0
+# github.com/containers/common v0.37.1
 github.com/containers/common/pkg/apparmor
 github.com/containers/common/pkg/apparmor/internal/supported
 github.com/containers/common/pkg/auth