Do not pull rootless CNI infra image

Instead, we want to advise users to manually build the image. We cannot distribute the existing image for RHEL 8.4.0, and the feature will be tech preview, so this degraded user experience will have to be sufficient until we can get a better solution in place. Ref: https://issues.redhat.com/browse/RUN-1127 Please note that this is a RHEL only change and should not be included in non-RHEL branches. This is a forward-port of the original changes in containers#8671 to the new v3.0.1-rhel branch. Signed-off-by: Matthew Heon <mheon@redhat.com>
mheon · Mar 1, 2021 · ab5ed82 · ab5ed82
1 parent a413ee8
commit ab5ed82
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 15 deletions.
diff --git a/contrib/rootless-cni-infra/README.md b/contrib/rootless-cni-infra/README.md
@@ -1,6 +1,11 @@
 # rootless-cni-infra
 
-Infra container for CNI-in-slirp4netns.
+Infra container for CNI-in-slirp4netns. This is required for rootless CNI networking.
+
+To build the rootless CNI infra container image, please download both the Containerfile and `rootless-cni-infra` files to an otherwise empty directory.
+Then, run `podman build -t rootless-cni-infra .` on that directory as the user who will be running rootless Podman.
+
+Once the image has been built, Podman will automatically use it as required to create CNI networks.
 
 ## How it works
 

diff --git a/libpod/rootless_cni_linux.go b/libpod/rootless_cni_linux.go
@@ -7,14 +7,11 @@ import (
 	"context"
 	"io"
 	"path/filepath"
-	"runtime"
 
 	cnitypes "github.com/containernetworking/cni/pkg/types/current"
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/containers/podman/v3/libpod/define"
-	"github.com/containers/podman/v3/libpod/image"
 	"github.com/containers/podman/v3/pkg/env"
-	"github.com/containers/podman/v3/pkg/util"
 	"github.com/containers/storage/pkg/lockfile"
 	"github.com/hashicorp/go-multierror"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -23,11 +20,6 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// Built from ../contrib/rootless-cni-infra.
-var rootlessCNIInfraImage = map[string]string{
-	"amd64": "quay.io/libpod/rootless-cni-infra@sha256:adf352454666f7ce9ca3e1098448b5ee18f89c4516471ec99447ec9ece917f36", // 5-amd64
-}
-
 const (
 	rootlessCNIInfraContainerNamespace = "podman-system"
 	rootlessCNIInfraContainerName      = "rootless-cni-infra"
@@ -259,14 +251,13 @@ func ensureRootlessCNIInfraContainerRunning(ctx context.Context, r *Runtime) (*C
 }
 
 func startRootlessCNIInfraContainer(ctx context.Context, r *Runtime) (*Container, error) {
-	imageName, ok := rootlessCNIInfraImage[runtime.GOARCH]
-	if !ok {
-		return nil, errors.Errorf("cannot find rootless-podman-network-sandbox image for %s", runtime.GOARCH)
-	}
+	imageName := "rootless-cni-infra"
 	logrus.Debugf("rootless CNI: ensuring image %q to exist", imageName)
-	newImage, err := r.ImageRuntime().New(ctx, imageName, "", "", nil, nil,
-		image.SigningOptions{}, nil, util.PullImageMissing)
+	newImage, err := r.ImageRuntime().NewFromLocal(imageName)
 	if err != nil {
+		if errors.Cause(err) == define.ErrNoSuchImage {
+			return nil, errors.Errorf("rootless CNI infra image not present - please build image from https://github.com/containers/podman/blob/v3.0.1-rhel/contrib/rootless-cni-infra/ and tag as %q", imageName)
+		}
 		return nil, err
 	}
 	logrus.Debugf("rootless CNI: image %q is ready", imageName)

diff --git a/test/e2e/create_staticmac_test.go b/test/e2e/create_staticmac_test.go
@@ -48,6 +48,7 @@ var _ = Describe("Podman run with --mac-address flag", func() {
 	})
 
 	It("Podman run --mac-address with custom network", func() {
+		SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
 		net := "n1" + stringid.GenerateNonCryptoID()
 		session := podmanTest.Podman([]string{"network", "create", net})
 		session.WaitWithDefaultTimeout()

diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go
@@ -69,6 +69,7 @@ var _ = Describe("Podman network create", func() {
 	)
 
 	BeforeEach(func() {
+		SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)

diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go
@@ -21,6 +21,8 @@ var _ = Describe("Podman network", func() {
 	)
 
 	BeforeEach(func() {
+		SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
+
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)

diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
@@ -628,6 +628,7 @@ var _ = Describe("Podman run networking", func() {
 	})
 
 	It("podman run in custom CNI network with --static-ip", func() {
+		SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
 		netName := stringid.GenerateNonCryptoID()
 		ipAddr := "10.25.30.128"
 		create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName})
@@ -660,6 +661,7 @@ var _ = Describe("Podman run networking", func() {
 	})
 
 	It("podman run with new:pod and static-ip", func() {
+		SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
 		netName := stringid.GenerateNonCryptoID()
 		ipAddr := "10.25.40.128"
 		podname := "testpod"
@@ -733,6 +735,7 @@ var _ = Describe("Podman run networking", func() {
 	})
 
 	It("podman run check dnsname plugin", func() {
+		SkipIfRootless("rootless CNI is tech preview in RHEL 8.3.1")
 		pod := "testpod"
 		session := podmanTest.Podman([]string{"pod", "create", "--name", pod})
 		session.WaitWithDefaultTimeout()

diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
@@ -98,6 +98,7 @@ load helpers
 # "network create" now works rootless, with the help of a special container
 @test "podman network create" {
     skip_if_remote "FIXME: pending #7808"
+    skip_if_rootless "Rootless CNI is tech preview in RHEL 8.2.1"
 
     local mynetname=testnet-$(random_string 10)
     local mysubnet=$(random_rfc1918_subnet)