Configure the default podman network
Instead of blanking out the file, we need to configure it. An empty file causes `podman network` to not function and prevents us from using containers without --net=host. While we don't use this in tripleo today, it is beneficial to not leave podman in a broken state on the undercloud or standalone if we actually wanted to use podman networking for an external container. This change won't remove the network if the interface has been configured and is in use, so as not to break 'podman network'. It should be noted that the default interface was changed in later versions from cni0 to cni-podman0; see podman 3755 (podman > 1.6). Change-Id: Id3ba3a531b8f86d411c843683c94a9d632cbf217 Closes-Bug: #1889510 Closes-Bug: #1898120
parent
e7a2b4068e
commit
4446cbcd19
@ -0,0 +1,10 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
A new variable named `tripleo_podman_default_network_config` has been added
|
||||
to be able to configure the default network used by podman. By default the
|
||||
configuration will use `10.255.255.0/24` as a network for podman managed
|
||||
containers. TripleO does not use podman's networking, however removing
|
||||
this configuration (or making it invalid) breaks the `podman network`
|
||||
functions. The network is not applied if it's already running which is
|
||||
indicated by the existance of a cni-podman0 interface.
|
@ -34,6 +34,30 @@ tripleo_podman_unqualified_search_registries:
|
||||
- registry.centos.org
|
||||
- docker.io
|
||||
tripleo_podman_insecure_registries: "{{ tripleo_container_registry_insecure_registries }}"
|
||||
# this is the default network configuration except the range has been moved
|
||||
# from 10.88.0.0/16 to 10.255.255.0/24 to try and prevent a conflict in an
|
||||
# existing cloud
|
||||
tripleo_podman_default_network_config:
|
||||
cniVersion: 0.4.0
|
||||
name: podman
|
||||
plugins:
|
||||
- type: bridge
|
||||
bridge: cni-podman0
|
||||
isGateway: true
|
||||
ipMasq: true
|
||||
hairpinMode: true
|
||||
ipam:
|
||||
type: host-local
|
||||
routes:
|
||||
- dst: 0.0.0.0/0
|
||||
ranges:
|
||||
- - subnet: 10.255.255.0/24
|
||||
gateway: 10.255.255.1
|
||||
- type: portmap
|
||||
capabilities:
|
||||
portMappings: true
|
||||
- type: firewall
|
||||
- type: tuning
|
||||
# tripleo_podman_registries requires a list of dictionaries
|
||||
# Example:
|
||||
# tripleo_podman_registries:
|
||||
|
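Review bot: The comment above `tripleo_podman_default_network_config` explains the subnet choice but not how the variable is meant to be overridden. The value is one nested mapping, and with Ansible's default hash behaviour an operator who sets only part of it replaces the whole mapping, so `subnet`, `gateway` and the `portmap`/`firewall`/`tuning` plugin entries have to be restated together. I would add a line such as `# override the whole mapping; subnet and gateway must stay in the same range`. Because `ipMasq: true` and `portMappings: true` let containers on this bridge reach out through the host and publish host ports, it is also worth one comment line saying these stock defaults are kept on purpose.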
@ -23,3 +23,7 @@
|
||||
name: tripleo_podman
|
||||
tasks_from: tripleo_podman_install.yml
|
||||
vars_from: "redhat.yml"
|
||||
# https://bugs.launchpad.net/bugs/1889510
|
||||
- name: Test podman network ls
|
||||
become: true
|
||||
command: podman network ls
|
||||
|
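Review bot: `Test podman network ls` checks only the exit status, so it would still pass if the conflist were written with an unexpected name or subnet. Registering the output and asserting on it would make this a real regression test for the two bugs, for example `register: podman_networks` followed by an `assert` with `that: "'podman' in podman_networks.stdout"`. The network name comes from the `name: podman` default, and I am assuming `podman network ls` prints it. The command is read-only, so `changed_when: false` would also keep the task from reporting a change on every run.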
@ -26,30 +26,23 @@
|
||||
name: "{{ tripleo_podman_packages }}"
|
||||
state: latest
|
||||
|
||||
- name: Check for cni0 interface
|
||||
command: ip link show cni0
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
register: cni0_interface
|
||||
|
||||
- name: Delete cni0 interface
|
||||
- name: Delete legacy cni0 interface (podman < 1.6)
|
||||
command: ip link delete cni0
|
||||
when:
|
||||
- cni0_interface.rc is defined
|
||||
- cni0_interface.rc == 0
|
||||
- '"cni0" in ansible_interfaces'
|
||||
|
||||
- name: Check if 87-podman-bridge.conflist exists
|
||||
stat:
|
||||
path: /etc/cni/net.d/87-podman-bridge.conflist
|
||||
register: podman_bridge_config
|
||||
|
||||
- name: Remove default cni config for cni0 if exists
|
||||
# don't update the network config if the network is already running
|
||||
# meaning cni-podman0 is running somewhere
|
||||
- name: Update default network configuration if possible
|
||||
copy:
|
||||
dest: /etc/cni/net.d/87-podman-bridge.conflist
|
||||
content: ''
|
||||
force: true
|
||||
content: "{{ tripleo_podman_default_network_config | to_json }}"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
when:
|
||||
- podman_bridge_config.stat.exists | bool
|
||||
- '"cni-podman0" not in ansible_interfaces'
|
||||
|
||||
|
||||
- name: Write containers registries.conf
|
||||
template:
|
||||
|
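Review bot: Both `when` conditions here test `ansible_interfaces`, which exists only if facts were gathered and reflects the interfaces at gather time. The `ip link show cni0` probe on what looks like the old side of this section had no such dependency (the page has lost its +/- markers, so old and new are inferred from the task names). With `gather_facts: false` the tasks fail on an undefined variable, and with cached facts they decide from stale data. The stale case matters because `'"cni-podman0" not in ansible_interfaces'` is the only guard that stops the role rewriting `/etc/cni/net.d/87-podman-bridge.conflist` under a running network. I would state the requirement in the existing comment, e.g. `# requires fresh network facts (ansible_interfaces)`, or refresh them just before with a `setup:` task limited to `gather_subset: network`. The hunk ends inside the following `Write containers registries.conf` task.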