Add default CNI configuration

podman needs a pair of configuration files to set up its default
network configuration: a bridge and loopback file.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #161
Approved by: baude

.papr.sh

@@ -94,5 +94,5 @@ if [[ ${PACKAGER} != "yum" ]]; then
 fi
 
 make TAGS="${TAGS}"
-make TAGS="${TAGS}" install PREFIX=/host/usr
+make TAGS="${TAGS}" install PREFIX=/host/usr ETCDIR=/host/etc
 make TAGS="${TAGS}" test-binaries

Dockerfile

@@ -79,23 +79,6 @@ RUN set -x \
        && cp bin/* /usr/libexec/cni \
        && rm -rf "$GOPATH"
 
-# Install custom CNI bridge test plugin
-# XXX: this plugin is meant to be a replacement for the old "test_plugin_args.bash"
-# we need this in testing because sandbox_run now gather IP address and the mock
-# plugin wasn't able to properly setup the net ns.
-# The bridge is based on the same commit as the one above.
-#ENV CNI_COMMIT 6bfe036c38c8e1410f1acaa4b2ee16f1851472e4
-ENV CNI_TEST_BRANCH custom-bridge
-RUN set -x \
-       && export GOPATH="$(mktemp -d)" \
-       && git clone https://github.com/runcom/plugins.git "$GOPATH/src/github.com/containernetworking/plugins" \
-       && cd "$GOPATH/src/github.com/containernetworking/plugins" \
-       && git checkout -q "$CNI_TEST_BRANCH" \
-       && ./build.sh \
-       && mkdir -p /opt/cni/bin \
-       && cp bin/bridge /opt/cni/bin/bridge-custom \
-       && rm -rf "$GOPATH"
-
 # Install crictl
 ENV CRICTL_COMMIT 16e6fe4d7199c5689db4630a9330e6a8a12cecd1
 RUN set -x \

Makefile

@@ -10,7 +10,7 @@ PREFIX ?= ${DESTDIR}/usr/local
 BINDIR ?= ${PREFIX}/bin
 LIBEXECDIR ?= ${PREFIX}/libexec
 MANDIR ?= ${PREFIX}/share/man
-ETCDIR ?= ${DESTDIR}/etc
+ETCDIR ?= /etc
 ETCDIR_LIBPOD ?= ${ETCDIR}/crio
 BUILDTAGS ?= seccomp $(shell hack/btrfs_tag.sh) $(shell hack/libdm_tag.sh) $(shell hack/btrfs_installed_tag.sh) $(shell hack/ostree_tag.sh) $(shell hack/selinux_tag.sh)
 
@@ -135,7 +135,7 @@ docs/%.1: docs/%.1.md .gopathok
 
 docs: $(MANPAGES)
 
-install: .gopathok install.bin install.man
+install: .gopathok install.bin install.man install.cni
 
 install.bin:
 	install ${SELINUXOPT} -D -m 755 bin/podman $(BINDIR)/podman
@@ -153,6 +153,10 @@ install.completions:
 	install ${SELINUXOPT} -d -m 755 ${BASHINSTALLDIR}
 	install ${SELINUXOPT} -m 644 -D completions/bash/podman ${BASHINSTALLDIR}
 
+install.cni:
+	install ${SELINUXOPT} -D -m 644 cni/98-podman-loopback.conf ${ETCDIR}/cni/net.d/98-podman-loopback.conf
+	install ${SELINUXOPT} -m 644 cni/97-podman-bridge.conf ${ETCDIR}/cni/net.d/97-podman-bridge.conf
+
 uninstall:
 	rm -f $(LIBEXECDIR)/crio/conmon
 	for i in $(filter %.1,$(MANPAGES)); do \

cni/97-podman-bridge.conf

@@ -1,6 +1,6 @@
 {
-    "cniVersion": "0.2.0",
+    "cniVersion": "0.3.0",
-    "name": "crio-bridge",
+    "name": "podman",
     "type": "bridge",
     "bridge": "cni0",
     "isGateway": true,

contrib/cni/README.md

@@ -1,16 +0,0 @@
-## `contrib/cni` ##
-
-There are a wide variety of different [CNI][cni] network configurations. This
-directory just contains some example configurations that can be used as the
-basis for your own configurations (distributions should package these files in
-example directories).
-
-To use these configurations, place them in `/etc/cni/net.d` (or the directory
-specified by `crio.network.network_dir` in your `crio.conf`).
-
-In addition, you need to install the [CNI plugins][cni] necessary into
-`/opt/cni/bin` (or the directory specified by `crio.network.plugin_dir`). The
-two plugins necessary for the example CNI configurations are `loopback` and
-`bridge`.
-
-[cni]: https://github.com/containernetworking/plugins

test/helpers.bash

@@ -85,7 +85,7 @@ HOOKS_OPTS="--hooks-dir-path=$HOOKSDIR"
 MOUNT_PATH="$TESTDIR/secrets"
 mkdir ${MOUNT_PATH}
 MOUNT_FILE="${MOUNT_PATH}/test.txt"
-touch ${MOUNT_FILE}
+touch ${MOUNT_FILE}}
 echo "Testing secrets mounts!" > ${MOUNT_FILE}
 
 DEFAULT_MOUNTS_OPTS="--default-mounts=${MOUNT_PATH}:/container/path1"
@@ -104,11 +104,16 @@ if [ -e /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
     filelabel=$(awk -F'"' '/^file.*=.*/ {print $2}' /etc/selinux/${SELINUXTYPE}/contexts/lxc_contexts)
     chcon -R ${filelabel} $TESTDIR
 fi
-LIBPOD_CNI_CONFIG="$TESTDIR/cni/net.d/"
+
+LIBPOD_CNI_CONFIG="$TESTDIR/etc/cni/net.d/"
 LIBPOD_CNI_PLUGIN=${LIBPOD_CNI_PLUGIN:-/opt/cni/bin/}
 POD_CIDR="10.88.0.0/16"
 POD_CIDR_MASK="10.88.*.*"
 
+# Make sure the cni config dirs are created and populate them with the default configs
+mkdir -p ${LIBPOD_CNI_CONFIG}
+cp ${CRIO_ROOT}/cni/* ${LIBPOD_CNI_CONFIG}
+
 PODMAN_OPTIONS="--root $TESTDIR/crio $STORAGE_OPTIONS --runroot $TESTDIR/crio-run --runtime ${RUNTIME_BINARY} --conmon ${CONMON_BINARY} --cni-config-dir ${LIBPOD_CNI_CONFIG}"
 
 cp "$CONMON_BINARY" "$TESTDIR/conmon"
@@ -193,59 +198,6 @@ function is_apparmor_enabled() {
 	echo 0
 }
 
-function prepare_network_conf() {
-	mkdir -p $LIBPOD_CNI_CONFIG
-	cat >$LIBPOD_CNI_CONFIG/10-crio.conf <<-EOF
-{
-    "cniVersion": "0.2.0",
-    "name": "crionet",
-    "type": "bridge",
-    "bridge": "cni0",
-    "isGateway": true,
-    "ipMasq": true,
-    "ipam": {
-        "type": "host-local",
-        "subnet": "10.20.40.0/24",
-        "routes": [
-            { "dst": "0.0.0.0/0"  }
-        ]
-    }
-}
-EOF
-
-	cat >$LIBPOD_CNI_CONFIG/99-loopback.conf <<-EOF
-{
-    "cniVersion": "0.2.0",
-    "type": "loopback"
-}
-EOF
-
-	echo 0
-}
-
-function prepare_plugin_test_args_network_conf() {
-	mkdir -p $LIBPOD_CNI_CONFIG
-	cat >$LIBPOD_CNI_CONFIG/10-plugin-test-args.conf <<-EOF
-{
-    "cniVersion": "0.2.0",
-    "name": "crionet_test_args",
-    "type": "bridge-custom",
-    "bridge": "cni0",
-    "isGateway": true,
-    "ipMasq": true,
-    "ipam": {
-        "type": "host-local",
-        "subnet": "10.20.40.0/24",
-        "routes": [
-            { "dst": "0.0.0.0/0"  }
-        ]
-    }
-}
-EOF
-
-	echo 0
-}
-
 function check_pod_cidr() {
 	run crioctl ctr execsync --id $1 ip addr show dev eth0 scope global 2>&1
 	echo "$output"

test/podman_attach.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_commit.bats

@@ -9,7 +9,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_create.bats

@@ -3,7 +3,6 @@
 load helpers
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_diff.bats

@@ -3,7 +3,6 @@
 load helpers
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_exec.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_export.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_history.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_images.bats

@@ -4,10 +4,6 @@ load helpers
 
 IMAGE="busybox"
 
-function setup() {
-    prepare_network_conf
-}
-
 function teardown() {
     cleanup_test
 }

test/podman_import.bats

@@ -9,7 +9,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_inspect.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_kill.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_load.bats

@@ -3,7 +3,6 @@
 load helpers
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_logs.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_mount.bats

@@ -9,7 +9,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_pause.bats

@@ -3,7 +3,6 @@
 load helpers
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_ps.bats

@@ -4,7 +4,6 @@ load helpers
 
 IMAGE="redis:alpine"
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_push.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_rm.bats

@@ -3,7 +3,6 @@
 load helpers
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_run.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_run_device.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_run_ns.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_save.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_start.bats

@@ -3,7 +3,6 @@
 load helpers
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_stats.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_stop.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_top.bats

@@ -7,7 +7,6 @@ function teardown() {
 }
 
 function setup() {
-    prepare_network_conf
     copy_images
 }
 

test/podman_wait.bats

@@ -3,7 +3,6 @@
 load helpers
 
 function setup() {
-    prepare_network_conf
     copy_images
 }