From b55756e07bd55bc595fc2b22cd6223ed8fff8267 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Sun, 21 Feb 2021 16:27:25 +0100 Subject: [PATCH] Fix podman network IDs handling The libpod network logic knows about networks IDs but OCICNI does not. We cannot pass the network ID to OCICNI. Instead we need to make sure we only use network names internally. This is also important for libpod since we also only store the network names in the state. If we would add a ID there the same networks could accidentally be added twice. Fixes #9451 Signed-off-by: Paul Holzinger --- libpod/network/files.go | 4 +- libpod/network/network.go | 19 ++++- libpod/networking_linux.go | 14 ++-- libpod/runtime_ctr.go | 16 ++++ test/e2e/network_connect_disconnect_test.go | 83 +++++++++++++++++++++ 5 files changed, 124 insertions(+), 12 deletions(-) diff --git a/libpod/network/files.go b/libpod/network/files.go index 33cf01064de7..05fba18f89ff 100644 --- a/libpod/network/files.go +++ b/libpod/network/files.go @@ -81,9 +81,9 @@ func GetCNIConfigPathByNameOrID(config *config.Config, name string) (string, err return "", errors.Wrap(define.ErrNoSuchNetwork, fmt.Sprintf("unable to find network configuration for %s", name)) } -// ReadRawCNIConfByName reads the raw CNI configuration for a CNI +// ReadRawCNIConfByNameOrID reads the raw CNI configuration for a CNI // network by name -func ReadRawCNIConfByName(config *config.Config, name string) ([]byte, error) { +func ReadRawCNIConfByNameOrID(config *config.Config, name string) ([]byte, error) { confFile, err := GetCNIConfigPathByNameOrID(config, name) if err != nil { return nil, err diff --git a/libpod/network/network.go b/libpod/network/network.go index cdaef6c13b50..3d44eb3ef374 100644 --- a/libpod/network/network.go +++ b/libpod/network/network.go @@ -7,6 +7,7 @@ import ( "net" "os" + "github.com/containernetworking/cni/libcni" "github.com/containernetworking/cni/pkg/types" "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator" "github.com/containers/common/pkg/config" @@ -222,7 +223,7 @@ func RemoveNetwork(config *config.Config, name string) error { // InspectNetwork reads a CNI config and returns its configuration func InspectNetwork(config *config.Config, name string) (map[string]interface{}, error) { - b, err := ReadRawCNIConfByName(config, name) + b, err := ReadRawCNIConfByNameOrID(config, name) if err != nil { return nil, err } @@ -234,7 +235,7 @@ func InspectNetwork(config *config.Config, name string) (map[string]interface{}, // Exists says whether a given network exists or not; it meant // specifically for restful responses so 404s can be used func Exists(config *config.Config, name string) (bool, error) { - _, err := ReadRawCNIConfByName(config, name) + _, err := ReadRawCNIConfByNameOrID(config, name) if err != nil { if errors.Cause(err) == define.ErrNoSuchNetwork { return false, nil @@ -277,3 +278,17 @@ func PruneNetworks(rtc *config.Config, usedNetworks map[string]bool) ([]*entitie } return reports, nil } + +// NormalizeName translates a network ID into a name. +// If the input is a name the name is returned. +func NormalizeName(config *config.Config, nameOrID string) (string, error) { + path, err := GetCNIConfigPathByNameOrID(config, nameOrID) + if err != nil { + return "", err + } + conf, err := libcni.ConfListFromFile(path) + if err != nil { + return "", err + } + return conf.Name, nil +} diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index de6f75d3eba3..8e65d3f6f295 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -1139,13 +1139,12 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro return err } - exists, err := network.Exists(c.runtime.config, netName) + // check if network exists and if the input is a ID we get the name + // ocicni only uses names so it is important that we only use the name + netName, err = network.NormalizeName(c.runtime.config, netName) if err != nil { return err } - if !exists { - return errors.Wrap(define.ErrNoSuchNetwork, netName) - } index, nameExists := networks[netName] if !nameExists && len(networks) > 0 { @@ -1196,13 +1195,12 @@ func (c *Container) NetworkConnect(nameOrID, netName string, aliases []string) e return err } - exists, err := network.Exists(c.runtime.config, netName) + // check if network exists and if the input is a ID we get the name + // ocicni only uses names so it is important that we only use the name + netName, err = network.NormalizeName(c.runtime.config, netName) if err != nil { return err } - if !exists { - return errors.Wrap(define.ErrNoSuchNetwork, netName) - } c.lock.Lock() defer c.lock.Unlock() diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 1b3532f1f441..6f49efed5293 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -12,6 +12,7 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/podman/v2/libpod/define" "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/libpod/network" "github.com/containers/podman/v2/libpod/shutdown" "github.com/containers/podman/v2/pkg/cgroups" "github.com/containers/podman/v2/pkg/domain/entities/reports" @@ -285,6 +286,21 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai return nil, err } + // normalize the networks to names + // ocicni only knows about cni names so we have to make + // sure we do not use ids internally + if len(ctr.config.Networks) > 0 { + netNames := make([]string, 0, len(ctr.config.Networks)) + for _, nameOrID := range ctr.config.Networks { + netName, err := network.NormalizeName(r.config, nameOrID) + if err != nil { + return nil, err + } + netNames = append(netNames, netName) + } + ctr.config.Networks = netNames + } + // Inhibit shutdown until creation succeeds shutdown.Inhibit() defer shutdown.Uninhibit() diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go index cc23b10c11ff..60739898ee87 100644 --- a/test/e2e/network_connect_disconnect_test.go +++ b/test/e2e/network_connect_disconnect_test.go @@ -195,6 +195,54 @@ var _ = Describe("Podman network connect and disconnect", func() { Expect(exec.ExitCode()).To(BeZero()) }) + It("podman network connect and run with network ID", func() { + SkipIfRootless("network connect and disconnect are only rootful") + netName := "ID" + stringid.GenerateNonCryptoID() + session := podmanTest.Podman([]string{"network", "create", netName}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork(netName) + + session = podmanTest.Podman([]string{"network", "ls", "--format", "{{.ID}}", "--filter", "name=" + netName}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + netID := session.OutputToString() + + ctr := podmanTest.Podman([]string{"run", "-dt", "--name", "test", "--network", netID, ALPINE, "top"}) + ctr.WaitWithDefaultTimeout() + Expect(ctr.ExitCode()).To(BeZero()) + + exec := podmanTest.Podman([]string{"exec", "-it", "test", "ip", "addr", "show", "eth0"}) + exec.WaitWithDefaultTimeout() + Expect(exec.ExitCode()).To(BeZero()) + + // Create a second network + newNetName := "ID2" + stringid.GenerateNonCryptoID() + session = podmanTest.Podman([]string{"network", "create", newNetName}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork(newNetName) + + session = podmanTest.Podman([]string{"network", "ls", "--format", "{{.ID}}", "--filter", "name=" + netName}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + newNetID := session.OutputToString() + + connect := podmanTest.Podman([]string{"network", "connect", newNetID, "test"}) + connect.WaitWithDefaultTimeout() + Expect(connect.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"container", "inspect", "test", "--format", "{{.NetworkSettings.Networks}}"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(BeZero()) + Expect(inspect.OutputToString()).To(ContainSubstring(netName)) + Expect(inspect.OutputToString()).To(ContainSubstring(newNetName)) + + exec = podmanTest.Podman([]string{"exec", "-it", "test", "ip", "addr", "show", "eth1"}) + exec.WaitWithDefaultTimeout() + Expect(exec.ExitCode()).To(BeZero()) + }) + It("podman network disconnect when not running", func() { SkipIfRootless("network connect and disconnect are only rootful") netName1 := "aliasTest" + stringid.GenerateNonCryptoID() @@ -234,4 +282,39 @@ var _ = Describe("Podman network connect and disconnect", func() { exec.WaitWithDefaultTimeout() Expect(exec.ExitCode()).ToNot(BeZero()) }) + + It("podman network disconnect and run with network ID", func() { + SkipIfRootless("network connect and disconnect are only rootful") + netName := "aliasTest" + stringid.GenerateNonCryptoID() + session := podmanTest.Podman([]string{"network", "create", netName}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork(netName) + + session = podmanTest.Podman([]string{"network", "ls", "--format", "{{.ID}}", "--filter", "name=" + netName}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + netID := session.OutputToString() + + ctr := podmanTest.Podman([]string{"run", "-dt", "--name", "test", "--network", netID, ALPINE, "top"}) + ctr.WaitWithDefaultTimeout() + Expect(ctr.ExitCode()).To(BeZero()) + + exec := podmanTest.Podman([]string{"exec", "-it", "test", "ip", "addr", "show", "eth0"}) + exec.WaitWithDefaultTimeout() + Expect(exec.ExitCode()).To(BeZero()) + + dis := podmanTest.Podman([]string{"network", "disconnect", netID, "test"}) + dis.WaitWithDefaultTimeout() + Expect(dis.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"container", "inspect", "test", "--format", "{{len .NetworkSettings.Networks}}"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(BeZero()) + Expect(inspect.OutputToString()).To(Equal("0")) + + exec = podmanTest.Podman([]string{"exec", "-it", "test", "ip", "addr", "show", "eth0"}) + exec.WaitWithDefaultTimeout() + Expect(exec.ExitCode()).ToNot(BeZero()) + }) })