Gate CNI support behind the cni build tag

- add cni build tag to libnetwork/cni
- split libnetwork/network into multiple files so that cni support can be made
  optionally available
- add -cni build targets to Makefile and build for amd64 with and without cni
- add a simple upgrade mechanism if the user never set the network backend explicitly

See also https://issues.redhat.com/browse/RUN-1943

Signed-off-by: Dan Čermák <[email protected]>

Makefile

@@ -36,15 +36,19 @@ build-cross:
 	$(call go-build,windows,386,${BUILDTAGS})
 
 .PHONY: all
-all: build-amd64 build-386
+all: build-amd64 build-386 build-amd64-cni
 
 .PHONY: build
-build: build-amd64 build-386
+build: build-amd64 build-386 build-amd64-cni
 
 .PHONY: build-amd64
 build-amd64:
 	GOARCH=amd64 $(GO_BUILD) -tags $(BUILDTAGS) ./...
 
+.PHONY: build-amd64-cni
+build-amd64-cni:
+	GOARCH=amd64 $(GO_BUILD) -tags $(BUILDTAGS),cni ./...
+
 .PHONY: build-386
 build-386:
 ifneq ($(shell uname -s), Darwin)

libnetwork/cni/cni_conversion.go

@@ -1,5 +1,6 @@
-//go:build linux || freebsd
+//go:build (linux || freebsd) && cni
 // +build linux freebsd
+// +build cni
 
 package cni
 

libnetwork/cni/cni_exec.go

@@ -16,8 +16,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//go:build linux || freebsd
+//go:build (linux || freebsd) && cni
 // +build linux freebsd
+// +build cni
 
 package cni
 

libnetwork/cni/cni_suite_test.go

@@ -1,5 +1,6 @@
-//go:build linux
-// +build linux
+//go:build (linux || freebsd) && cni
+// +build linux freebsd
+// +build cni
 
 package cni_test
 

libnetwork/cni/cni_types.go

@@ -1,5 +1,6 @@
-//go:build linux || freebsd
+//go:build (linux || freebsd) && cni
 // +build linux freebsd
+// +build cni
 
 package cni
 

libnetwork/cni/config.go

@@ -1,5 +1,6 @@
-//go:build linux || freebsd
+//go:build (linux || freebsd) && cni
 // +build linux freebsd
+// +build cni
 
 package cni
 

libnetwork/cni/config_freebsd.go

@@ -1,5 +1,6 @@
-//go:build freebsd
-// +build freebsd
+//go:build (linux || freebsd) && cni
+// +build linux freebsd
+// +build cni
 
 package cni
 

libnetwork/cni/config_linux.go

@@ -1,5 +1,6 @@
-//go:build linux
-// +build linux
+//go:build (linux || freebsd) && cni
+// +build linux freebsd
+// +build cni
 
 package cni
 

libnetwork/cni/config_test.go

@@ -1,5 +1,6 @@
-//go:build linux
-// +build linux
+//go:build (linux || freebsd) && cni
+// +build linux freebsd
+// +build cni
 
 package cni_test
 

libnetwork/cni/network.go

@@ -1,5 +1,6 @@
-//go:build linux || freebsd
+//go:build (linux || freebsd) && cni
 // +build linux freebsd
+// +build cni
 
 package cni
 

libnetwork/cni/run.go

@@ -1,5 +1,6 @@
-//go:build linux || freebsd
+//go:build (linux || freebsd) && cni
 // +build linux freebsd
+// +build cni
 
 package cni
 

libnetwork/cni/run_test.go

@@ -1,5 +1,6 @@
-//go:build linux
-// +build linux
+//go:build (linux || freebsd) && cni
+// +build linux freebsd
+// +build cni
 
 package cni_test
 

libnetwork/network/cni_interface.go

@@ -0,0 +1,121 @@
+//go:build (linux || freebsd) && cni
+// +build linux freebsd
+// +build cni
+
+package network
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/containers/common/libnetwork/cni"
+	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/common/pkg/config"
+	"github.com/containers/common/pkg/machine"
+	"github.com/containers/storage"
+	"github.com/containers/storage/pkg/homedir"
+	"github.com/containers/storage/pkg/unshare"
+)
+
+const (
+	// cniConfigDirRootless is the directory in XDG_CONFIG_HOME for cni plugins
+	cniConfigDirRootless = "cni/net.d/"
+
+	cniSupported = true
+)
+
+func getCniInterface(conf *config.Config) (types.ContainerNetwork, error) {
+	confDir := conf.Network.NetworkConfigDir
+	if confDir == "" {
+		var err error
+		confDir, err = getDefaultCNIConfigDir()
+		if err != nil {
+			return nil, err
+		}
+	}
+	return cni.NewCNINetworkInterface(&cni.InitConfig{
+		Config:       conf,
+		CNIConfigDir: confDir,
+		RunDir:       conf.Engine.TmpDir,
+		IsMachine:    machine.IsGvProxyBased(),
+	})
+}
+
+func getDefaultCNIConfigDir() (string, error) {
+	if !unshare.IsRootless() {
+		return cniConfigDir, nil
+	}
+
+	configHome, err := homedir.GetConfigHome()
+	if err != nil {
+		return "", err
+	}
+
+	return filepath.Join(configHome, cniConfigDirRootless), nil
+}
+
+func networkBackendFromStore(store storage.Store, conf *config.Config) (backend types.NetworkBackend, err error) {
+	_, err = conf.FindHelperBinary("netavark", false)
+	if err != nil {
+		// if we cannot find netavark use CNI
+		return types.CNI, nil
+	}
+
+	// If there are any containers then return CNI
+	cons, err := store.Containers()
+	if err != nil {
+		return "", err
+	}
+	if len(cons) != 0 {
+		return types.CNI, nil
+	}
+
+	// If there are any non ReadOnly images then return CNI
+	imgs, err := store.Images()
+	if err != nil {
+		return "", err
+	}
+	for _, i := range imgs {
+		if !i.ReadOnly {
+			return types.CNI, nil
+		}
+	}
+
+	// If there are CNI Networks then return CNI
+	cniInterface, err := getCniInterface(conf)
+	if err == nil {
+		nets, err := cniInterface.NetworkList()
+		// there is always a default network so check > 1
+		if err != nil && !errors.Is(err, os.ErrNotExist) {
+			return "", err
+		}
+
+		if len(nets) > 1 {
+			// we do not have a fresh system so use CNI
+			return types.CNI, nil
+		}
+	}
+	return types.Netavark, nil
+}
+
+func backendFromType(backend types.NetworkBackend, store storage.Store, conf *config.Config, syslog bool) (types.NetworkBackend, types.ContainerNetwork, error) {
+	switch backend {
+	case types.Netavark:
+		netInt, err := netavarkBackendFromConf(store, conf, syslog)
+		if err != nil {
+			return "", nil, err
+		}
+		return types.Netavark, netInt, err
+	case types.CNI:
+		netInt, err := getCniInterface(conf)
+		if err != nil {
+			return "", nil, err
+		}
+		return types.CNI, netInt, err
+
+	default:
+		return "", nil, fmt.Errorf("unsupported network backend %q, check network_backend in containers.conf", backend)
+	}
+}