[wip] podman: add support for specifying MAC #4058
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: filak-sap The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hi @filak-sap. Thanks for your PR. I'm waiting for a containers or openshift member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
needs-ok-to-test
|
Depends on cri-o/ocicni#61 |
filak-sap
force-pushed
the
implement_mac_address
branch
from
79ac2ec to
8df1d4c
Compare
|
@filak-sap Thanks for including the MAC support also in the checkpoint/restore code paths. From the checkpoint/restore part the newly added flags would need to be added to the bash completion and man-pages. Also a checkpoint/restore test using a static MAC would be helpful. |
rhatdan
changed the title
openshift-ci-robot
added
the
do-not-merge/work-in-progress
|
/ok-to-test |
openshift-ci-robot
added
ok-to-test
and removed
needs-ok-to-test
|
/retest |
|
D'oh, sorry, the build is failing because of the missing MAC: |
|
Yeah, I don't think the tests will pass until OCICNI changes merge and get vendored here |
filak-sap
force-pushed
the
implement_mac_address
branch
from
8df1d4c to
97e5707
Compare
|
Amended with bashcompletions and man: diff --git a/completions/bash/podman b/completions/bash/podman
index 4bc38787..77f45619 100644
--- a/completions/bash/podman
+++ b/completions/bash/podman
@@ -877,6 +877,7 @@ _podman_container_restore() {
--tcp-established
--ignore-rootfs
--ignore-static-ip
+ --ignore-static-mac
"
case "$prev" in
-i|--import)
diff --git a/docs/podman-container-restore.1.md b/docs/podman-container-restore.1.md
index 1d2cf0b3..d71daf4a 100644
--- a/docs/podman-container-restore.1.md
+++ b/docs/podman-container-restore.1.md
@@ -76,6 +76,15 @@ a container is restored multiple times from an exported checkpoint with **--name
Using **--ignore-static-ip** tells Podman to ignore the IP address if it was configured
with **--ip** during container creation.
+**--ignore-static-mac**
+
+If the container was started with **--mac-address** the restored container also
+tries to use that MAC address and restore fails if that MAC address is already
+in use. This can happen, if a container is restored multiple times from an
+exported checkpoint with **--name, -n**.
+
+Using **--ignore-static-mac** tells Podman to ignore the MAC address if it was
+configured with **--mac-address** during container creation.
## EXAMPLE
podman container restore mywebserverI found only 1 occurrence of |
|
You need to run all of your code through gofmt. |
filak-sap
force-pushed
the
implement_mac_address
branch
from
97e5707 to
05302e0
Compare
|
Updated tests: diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go
index 1caefd29..90c6fc29 100644
--- a/test/e2e/checkpoint_test.go
+++ b/test/e2e/checkpoint_test.go
@@ -334,6 +334,10 @@ var _ = Describe("Podman checkpoint", func() {
IPBefore.WaitWithDefaultTimeout()
Expect(IPBefore.ExitCode()).To(Equal(0))
+ MACBefore := podmanTest.Podman([]string{"inspect", "-l", "--format={{.NetworkSettings.MacAddress}}"})
+ MACBefore.WaitWithDefaultTimeout()
+ Expect(MACBefore.ExitCode()).To(Equal(0))
+
result := podmanTest.Podman([]string{"container", "checkpoint", "test_name"})
result.WaitWithDefaultTimeout()
@@ -348,9 +352,16 @@ var _ = Describe("Podman checkpoint", func() {
IPAfter.WaitWithDefaultTimeout()
Expect(IPAfter.ExitCode()).To(Equal(0))
+ MACAfter := podmanTest.Podman([]string{"inspect", "-l", "--format={{.NetworkSettings.MacAddress}}"})
+ MACAfter.WaitWithDefaultTimeout()
+ Expect(MACAfter.ExitCode()).To(Equal(0))
+
// Check that IP address did not change between checkpointing and restoring
Expect(IPBefore.OutputToString()).To(Equal(IPAfter.OutputToString()))
+ // Check that MAC address did not change between checkpointing and restoring
+ Expect(MACBefore.OutputToString()).To(Equal(MACAfter.OutputToString()))
+
Expect(result.ExitCode()).To(Equal(0))
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1))
Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) |
filak-sap
force-pushed
the
implement_mac_address
branch
from
05302e0 to
7c2e7fc
Compare
|
Amended with changes made by I am sorry but I am not able to make |
|
OCICNI changes are landed, so vendoring the new version should get support in the library. |
|
|
I think the update process for vendor/ is: @vrothberg Concur? |
|
After a Looks like |
|
I restarted the failed tests - looked like flakes as the tests pass locally on my machine with this PR. |
|
The checkpoint tests fail reproducibly in the CI: |
|
I'll take a look at the checkpoint failures on Monday |
`go get github.com/cri-o/ocicni@deac903fd99b6c52d781c9f42b8db3af7dcfd00a` I had to fix compilation errors in libpod/networking_linux.go --- ocicni.Networks has changed from string to the structure NetAttachment with the member Name (the former string value) and the member Ifname (optional). I don't think we can make use of Ifname here, so I just map the array of structures to array of strings - e.g. dropping Ifname. --- The function GetPodNetworkStatus no longer returns Result but it returns the wrapper structure NetResult which contains the former Result plus NetAttachment (Network name and Interface name). Again, I don't think we can make use of that information here, so I just added `.Result` to fix the build. --- Issue: containers#1136 Signed-off-by: Jakub Filak <[email protected]>
|
Unfortunately, I am not sure what code actually sets MAC address to the given value. I found only I would love to fix the problem but I am not sure how to run end-2-end tests. |
|
Amended with: diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index e9848e34..d53a74aa 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1356,6 +1356,6 @@ func (c *Container) copyOwnerAndPerms(source, dest string) error {
// Teardown CNI config on refresh
func (c *Container) refreshCNI() error {
// Let's try and delete any lingering network config...
- podNetwork := c.runtime.getPodNetwork(c.ID(), c.config.Name, "", c.config.Networks, c.config.PortMappings, c.config.StaticIP)
+ podNetwork := c.runtime.getPodNetwork(c.ID(), c.config.Name, "", c.config.Networks, c.config.PortMappings, c.config.StaticIP, c.config.StaticMAC)
return c.runtime.netPlugin.TearDownPod(podNetwork)
}in order to fix build after commit b57d2f4 |
| IPBefore.WaitWithDefaultTimeout() | ||
| Expect(IPBefore.ExitCode()).To(Equal(0)) | ||
|
|
||
| MACBefore := podmanTest.Podman([]string{"inspect", "-l", "--format={{.NetworkSettings.MacAddress}}"}) |
There was a problem hiding this comment.
I don't know if we actually expect these to be the same, at present. podman checkpoint seems to have special code for restoring IP address, which I don't think is duplicated for MAC yet.
I don't know if we care, at this point - it might be safe to remove this test, which is the only thing not passing?
There was a problem hiding this comment.
Well, I am afraid that my changes pass the requested MAC to container networks but there is nothing reading it and changing network interface.
Can you give me a hint where I need to add the missing MAC handler, please?
There was a problem hiding this comment.
The changes you made to pod network get it into OCICNI, so I think this should work from our end. You might want to add some debug to make absolutely sure the settings are getting to getPodNetwork(). It they are, it's probably somewhere in ocicni.
filak-sap
force-pushed
the
implement_mac_address
branch
from
cc4fc71 to
f84646c
Compare
|
Ahhh - I think you're missing the actual configuration of static IP from Podman. Look at |
pkg/spec/createconfig.go
Outdated
There was a problem hiding this comment.
Ooops, I ignore errors (_) but I test err to nil on the very next line.
pkg/spec/createconfig.go
Outdated
There was a problem hiding this comment.
@mheon I at least try to add MAC to the network options.
I basically copied and adapted the statements for setting IP. Closes containers#1136 Signed-off-by: Jakub Filak <[email protected]>
filak-sap
force-pushed
the
implement_mac_address
branch
from
f84646c to
9b1fe1e
Compare
|
@adrianreber Mind looking at the checkpoint/restore bits here? The rest seems solid to me. |
|
@filak-sap About the checkpoint/restore failures: I think I am missing some context here. As you added code to handle static MAC addresses during restore it seems that this is something you tested and care about. That was my assumption. Seeing that the test cases fail contradicts this assumption. So it would be good to understand if checkpoint/restore with the same MAC is important to you. I would be very happy to have this feature, but if it is not something you actually care right now, I would say to either always restore with a random MAC (as it was before) and ignore the statically set MAC or just fail if the checkpointed container contains a static MAC setting. This way you can get your MAC feature into Podman and the checkpoint/restore with static MAC addresses can be done later. Again, I would be happy if this PR would add the MAC feature for checkpoint/restore, but if this is not important for you I would just skip it like described above. Ignore the static MAC on restore, fail on restore with a static MAC or early abort the restore if a static MAC is detected. |
|
☔ The latest upstream changes (presumably #4151) made this pull request unmergeable. Please resolve the merge conflicts. |
|
This pull request had no activity for 30 days. In the absence of activity or the "do-not-close" label, the pull request will be automatically closed within 7 days. |
|
We definitely still want this. @filak-sap Are you still working on this? |
|
@mheon is this something you could take over? |
|
@rhatdan I am a bit busy these days. I might have find free time next month :( |
|
Ok we will see if @mheon can take it over the finish line. |
|
@giuseppe You have time for this one? |
|
I've rebased the PR and opened a new one: #4451 |
github-actions
bot
added
the
locked - please file new issue/PR
8 participants
Signed-off-by: Jakub Filak [email protected]