Merge pull request #9423 from Luap99/rootless-cni-no-infra

rootless cni without infra container

Author: openshift-merge-robot

.cirrus.yml

@@ -440,7 +440,7 @@ apiv2_test_task:
         time_script: '$SCRIPT_BASE/logcollector.sh time'
 
 compose_test_task:
-    name: "compose test on $DISTRO_NV"
+    name: "compose test on $DISTRO_NV ($PRIV_NAME)"
     alias: compose_test
     only_if: *not_docs
     skip: *tags
@@ -450,6 +450,11 @@ compose_test_task:
     env:
         <<: *stdenvars
         TEST_FLAVOR: compose
+    matrix:
+      - env:
+            PRIV_NAME: root
+      - env:
+            PRIV_NAME: rootless
     clone_script: *noop  # Comes from cache
     gopath_cache: *ro_gopath_cache
     setup_script: *setup

contrib/cirrus/runner.sh

@@ -288,18 +288,6 @@ dotest() {
         exec_container  # does not return
     fi;
 
-    # shellcheck disable=SC2154
-    if [[ "$PRIV_NAME" == "rootless" ]] && [[ "$UID" -eq 0 ]]; then
-        req_env_vars ROOTLESS_USER
-        msg "Re-executing runner through ssh as user '$ROOTLESS_USER'"
-        msg "************************************************************"
-        set -x
-        exec ssh $ROOTLESS_USER@localhost \
-                -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
-                -o CheckHostIP=no $GOSRC/$SCRIPT_BASE/runner.sh
-        # does not return
-    fi
-
     # containers/automation sets this to 0 for its dbg() function
     # but the e2e integration tests are also sensitive to it.
     unset DEBUG
@@ -340,6 +328,19 @@ msg "************************************************************"
 ((${SETUP_ENVIRONMENT:-0})) || \
     die "Expecting setup_environment.sh to have completed successfully"
 
+# shellcheck disable=SC2154
+if [[ "$PRIV_NAME" == "rootless" ]] && [[ "$UID" -eq 0 ]]; then
+    req_env_vars ROOTLESS_USER
+    msg "Re-executing runner through ssh as user '$ROOTLESS_USER'"
+    msg "************************************************************"
+    set -x
+    exec ssh $ROOTLESS_USER@localhost \
+            -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
+            -o CheckHostIP=no $GOSRC/$SCRIPT_BASE/runner.sh
+    # Does not return!
+fi
+# else: not running rootless, do nothing special
+
 cd "${GOSRC}/"
 
 handler="_run_${TEST_FLAVOR}"

contrib/rootless-cni-infra/Containerfile

@@ -966,9 +966,7 @@ func (c *Container) completeNetworkSetup() error {
 	if err := c.syncContainer(); err != nil {
 		return err
 	}
-	if rootless.IsRootless() {
-		return c.runtime.setupRootlessNetNS(c)
-	} else if c.config.NetMode.IsSlirp4netns() {
+	if c.config.NetMode.IsSlirp4netns() {
 		return c.runtime.setupSlirp4netns(c)
 	}
 	if err := c.runtime.setupNetNS(c); err != nil {

contrib/rootless-cni-infra/README.md

@@ -92,11 +92,7 @@ func (c *Container) prepare() error {
 		// Set up network namespace if not already set up
 		noNetNS := c.state.NetNS == nil
 		if c.config.CreateNetNS && noNetNS && !c.config.PostConfigureNetNS {
-			if rootless.IsRootless() && len(c.config.Networks) > 0 {
-				netNS, networkStatus, createNetNSErr = AllocRootlessCNI(context.Background(), c)
-			} else {
-				netNS, networkStatus, createNetNSErr = c.runtime.createNetNS(c)
-			}
+			netNS, networkStatus, createNetNSErr = c.runtime.createNetNS(c)
 			if createNetNSErr != nil {
 				return
 			}

contrib/rootless-cni-infra/rootless-cni-infra

@@ -11,7 +11,6 @@ import (
 	"github.com/containernetworking/cni/pkg/version"
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/podman/v3/pkg/domain/entities"
-	"github.com/containers/podman/v3/pkg/rootless"
 	"github.com/containers/podman/v3/pkg/util"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -223,9 +222,8 @@ func createBridge(name string, options entities.NetworkCreateOptions, runtimeCon
 	plugins = append(plugins, NewPortMapPlugin())
 	plugins = append(plugins, NewFirewallPlugin())
 	plugins = append(plugins, NewTuningPlugin())
-	// if we find the dnsname plugin or are rootless, we add configuration for it
-	// the rootless-cni-infra container has the dnsname plugin always installed
-	if (HasDNSNamePlugin(runtimeConfig.Network.CNIPluginDirs) || rootless.IsRootless()) && !options.DisableDNS {
+	// if we find the dnsname plugin we add configuration for it
+	if HasDNSNamePlugin(runtimeConfig.Network.CNIPluginDirs) && !options.DisableDNS {
 		if options.Internal {
 			logrus.Warnf("dnsname and --internal networks are incompatible.  dnsname plugin not configured for network %s", name)
 		} else {