Podman6: Remove slirp (attempt 2) #27828
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Remove test cases that specifically test CNI functionality: - Remove "podman --cni-config-dir backwards compat" test - Remove "podman inspect container single/two CNI networks" tests - Remove "podman CNI network create with internal should not have dnsname" test - Remove "podman run in custom CNI network with --static-ip" test - Remove "podman rootless cni adds /usr/sbin to PATH" test Update CNI-specific references to be network-backend agnostic: - Update skip reasons from "Requires root CNI networking" to "Requires root networking" - Change --rootless-cni flag usage to --rootless-netns - Update comments from "CNI network" to "network" - Update test assertions to remove CNI-specific messaging Remove CNI-related test documentation and comments: - Remove commented-out CNI error messages from Python API tests - Remove CNI network namespace error documentation from upgrade tests - Remove CNI-related comments from BATS tests Remove unused import of github.com/containernetworking/plugins/pkg/ns from test/e2e/run_networking_test.go (test-only usage). Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Remove test framework code that supported dual network backends: Test utilities: - Remove NetworkBackend enum type and constants (CNI, Netavark) - Remove NetworkBackend.ToString() method - Remove NetworkBackend field from PodmanTest struct Test infrastructure: - Remove SkipIfCNI() helper function - Remove SkipIfNetavark() helper function - Remove network backend selection logic based on NETWORK_BACKEND env var - Remove CNI-specific network config directory setup - Hardcode "netavark" in podman command line construction (flag will be removed in later commit) Simplify test helpers: - Simplify generateNetworkConfig() to only generate Netavark configs - Remove conditional CNI vs Netavark network ID logic - Update IP allocation comment to remove CNI-specific behavior description Remove SkipIfCNI() calls from tests: - Remove skip guards from Netavark-only feature tests - These tests now run universally since Netavark is the only backend Documentation: - Remove NETWORK_BACKEND environment variable from test/README.md All tests that were previously skipped with SkipIfCNI (Netavark-only features) will now run for all users since Netavark is the only supported network backend. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
lsm5
added
No New Tests
Remove user-facing CLI options for CNI network backend: CLI flags: - Remove --network-backend global flag - Remove flag registration and shell completion for network backend Shell completions: - Remove AutocompleteNetworkBackend() function - Remove references to CNI and Netavark type constants Backward compatibility: - Remove --rootless-cni flag alias for podman unshare - Remove SetNormalizeFunc that mapped rootless-cni to rootless-netns - Update --rootless-netns flag description to mention only netavark The --network-backend flag was already hidden, and is now completely removed. Users can no longer specify CNI as a network backend option. The --rootless-cni alias is also removed; users must use --rootless-netns. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Remove runtime configuration options for CNI network backend: Runtime options: - Remove WithNetworkBackend() runtime option function - Function allowed setting network backend programmatically Flag handling: - Remove --network-backend flag change detection - Remove call to WithNetworkBackend() when flag changed - Remove TODO comment about CNI plugins directory flag The network backend configuration is now handled entirely by the vendored common/libnetwork code, which will default to Netavark. There is no longer any way to configure CNI as the network backend through Podman's runtime initialization. Note: libpod/info.go keeps existing NetworkBackend reporting logic which will automatically report "netavark" as the only backend since configuration defaults to netavark and cannot be changed to CNI. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Remove CNI-specific conditional logic and update comments throughout the libpod networking code: - Simplified DNS configuration logic in container_internal_common.go to always use netavark behavior (removed backend checks) - Removed CNI-specific iptables chain error regex pattern - Updated all comments referencing 'CNI' to use 'netavark' or 'network backend' - Renamed variable 'cniNet' to 'netInfo' for clarity - Updated field and type documentation to remove CNI references All networking code now assumes netavark as the sole backend. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Removed all CNI-specific documentation from man pages: - podman.1.md: Simplified --network-config-dir to only mention netavark directories - podman-network.1.md: Removed dual backend description, now states netavark is the only backend - podman-network-create.1.md: Removed CNI-specific notes about DNS and DHCP socket configuration - podman-network-connect.1.md: Removed CNI limitation note about network aliases - options/network-alias.md: Removed CNI limitation note about network aliases - podman-info.1.md: Updated example output to show netavark backend information instead of CNI All man pages now reflect netavark as the sole network backend. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Remove CNI migration instructions and backend selection guidance from the basic networking tutorial. Simplify DHCP configuration section to only document netavark setup, removing CNI-specific instructions. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
lsm5
force-pushed
the
podman6-no-slirp-new
branch
from
6d4fa51 to
4e8450c
Compare
Remove all slirp4netns-specific test cases in preparation for removing slirp4netns support entirely. These tests are no longer needed as pasta is becoming the default and only rootless network backend. Changes include: - Remove slirp4netns-specific tests from e2e test suite - Remove slirp4netns network mode tests - Remove slirp4netns from invalid network name tests - Update slirp4netns to pasta in comment in systemd test - Remove slirp4netns from containers.conf default_rootless_network_cmd test Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
lsm5
force-pushed
the
podman6-no-slirp-new
branch
4 times, most recently
from
e67408b to
4fd6fb9
Compare
Implement automatic one-time migration from slirp4netns to pasta for existing containers. When a container using slirp4netns is started, it will automatically migrate to pasta with compatible options mapped. Also change the default rootless network backend from slirp4netns to pasta. When default_rootless_network_cmd is set to slirp4netns in containers.conf, a deprecation warning is logged and pasta is used instead. Changes: - Add migrateSlirp4netnsToPasta() function to auto-migrate containers - Integrate migration into prepareToStart() before container init - Map compatible options: mtu, enable_ipv6, outbound_addr - Warn about unsupported options: cidr, allow_host_loopback - Change default from slirp4netns to pasta in container_create.go - Add deprecation warning in networking_linux.go for slirp4netns mode The migration is transparent to users and happens automatically on first container start after upgrade. Note: Migration test cases cannot be included as creating new containers with --network=slirp4netns is no longer supported. The migration code remains functional for pre-existing containers. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
This commit prevents new containers from using slirp4netns by: - Removing the Slirp constant from pkg/specgen/namespaces.go - Updating ParseNetworkFlag() to return error when slirp4netns is specified - Removing slirpType constant from pkg/namespaces/namespaces.go - Keeping IsSlirp4netns() method as deprecated for existing callers (will be removed in next commit after cleanup) - Removing Slirp cases from specgen/generate files: - namespaces.go: Removed Slirp case from network namespace setup - oci_linux.go: Removed Slirp from userns compatibility check - pod_create.go: Removed Slirp pod network case - container.go: Removed Slirp clone handling and port mapping check - Updating pod_validate.go to remove Slirp from port mapping validation New containers attempting to use slirp4netns will now receive clear error: "slirp4netns is no longer supported, please use pasta instead" Existing containers with slirp4netns will auto-migrate on start (handled by previous commit's migration logic). Part of slirp4netns removal series (Commit 3/7). Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Remove all slirp4netns-specific setup and helper functions while preserving the RootlessRLK (RootlessKit) port mapping functions that are still used by pasta and bridge networking. Changes: - Remove setupSlirp4netns() and getSlirp4netnsIP() functions - Remove slirp4netnsSubnet field from Container struct - Remove slirp4netns network setup case from configureNetNS - Remove slirp4netns-specific etchosts and DNS handling - Remove IsSlirp4netns() method from NetworkMode type - Rename networking_slirp4netns.go to networking_rootlessport.go - Keep setupRootlessPortMappingViaRLK() and reloadRootlessRLKPortMapping() - Remove unused imports (namespaces, pasta, slirp4netns packages) - Simplify isSlirp4netnsIPv6() to return false (no longer needed) - Remove IsSlirp4netns() check from teardown and OCI setup The RootlessRLK port mapping functions are preserved as they are used by both pasta and bridge networking for rootless containers. All other slirp4netns code has been removed. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Remove all slirp4netns references from user-facing CLI interfaces and shell completions. Changes: - Remove slirp4netns network mode completion from AutocompleteNetworkFlag - Remove slirp4netns options (allow_host_loopback, cidr, mtu, etc.) from completions - Remove port_handler slirp4netns option from completions - Remove slirp4netns.BinaryName from NetworkCreate validation - Remove slirp4netns import from pkg/domain/infra/abi/network.go - Update servicereaper comments to remove slirp4netns mention Users attempting to use --network=slirp4netns will now receive an error from the validation in earlier commits. Shell completions no longer suggest slirp4netns as a valid option. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Update all documentation files to remove slirp4netns references and update to pasta as the only rootless networking backend: - Remove slirp4netns network mode documentation and examples - Update pasta examples to remove "equivalent to slirp4netns" language - Change default rootless networking from slirp4netns to pasta - Remove slirp4netns from SEE ALSO sections - Update port publishing to only mention pasta (remove slirp4netns) - Remove slirp4netns package requirements - Update example outputs to show pasta instead of slirp4netns - Update Chinese tutorial documentation Modified .md and .md.in source files to ensure generated documentation reflects pasta-only networking. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Remove slirp4netns imports from files where they are no longer needed: - libpod/info_linux.go: Remove slirp4netns version detection code and import - pkg/specgen/generate/container_create.go: Replace slirp4netns.BinaryName with literal string - libpod/define/info.go: Update comment to remove slirp4netns reference The slirp4netns import in libpod/networking_rootlessport.go is intentionally preserved as it provides RootlessRLK port mapping functions still used by pasta and bridge network modes. The Slirp4NetNS field in the HostInfo struct is preserved to maintain API compatibility, though it will always be empty now. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Add linter exclusion for rootlessPortSync* fields that are unused on FreeBSD, and remove the now-unnecessary maybeStartServiceReaper stub function that was only needed for slirp4netns support. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
The rootlessSlirpSyncR and rootlessSlirpSyncW fields were related to slirp4netns support which has been removed. These unused fields were causing golangci-lint validation failures. Fixes validate job failures in CI. Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
lsm5
force-pushed
the
podman6-no-slirp-new
branch
from
2a6612e to
bbf3f4f
Compare
|
[NON-BLOCKING] Packit jobs failed. @containers/packit-build please check. Everyone else, feel free to ignore. |
Member
Author
|
depends on #27827 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Checklist
Ensure you have completed the following checklist for your pull request to be reviewed:
commits. (
git commit -s). (If needed, usegit commit -s --amend). The author email must matchthe sign-off email address. See CONTRIBUTING.md
for more information.
Fixes: #00000in commit message (if applicable)make validatepr(format/lint checks)Noneif no user-facing changes)Does this PR introduce a user-facing change?