Quadlet - allow deleting the network when stopping the service

Signed-off-by: Ygal Blum <[email protected]>

Author: ygalblum

docs/source/markdown/podman-systemd.unit.5.md

@@ -1330,23 +1330,24 @@ particularly interesting when using special options to control network creation,
 
 Valid options for `[Network]` are listed below:
 
-| **[Network] options**               | **podman network create equivalent** |
-|-------------------------------------|--------------------------------------|
-| ContainersConfModule=/etc/nvd\.conf | --module=/etc/nvd\.conf              |
-| DisableDNS=true                     | --disable-dns                        |
-| DNS=192.168.55.1                    | --dns=192.168.55.1                   |
-| Driver=bridge                       | --driver bridge                      |
-| Gateway=192.168.55.3                | --gateway 192.168.55.3               |
-| GlobalArgs=--log-level=debug        | --log-level=debug                    |
-| Internal=true                       | --internal                           |
-| IPAMDriver=dhcp                     | --ipam-driver dhcp                   |
-| IPRange=192.168.55.128/25           | --ip-range 192.168.55.128/25         |
-| IPv6=true                           | --ipv6                               |
-| Label="XYZ"                         | --label "XYZ"                        |
-| NetworkName=foo                     | podman network create foo            |
-| Options=isolate=true                | --opt isolate=true                   |
-| PodmanArgs=--dns=192.168.55.1       | --dns=192.168.55.1                   |
-| Subnet=192.5.0.0/16                 | --subnet 192.5.0.0/16                |
+| **[Network] options**               | **podman network create equivalent**                            |
+|-------------------------------------|-----------------------------------------------------------------|
+| ContainersConfModule=/etc/nvd\.conf | --module=/etc/nvd\.conf                                         |
+| DisableDNS=true                     | --disable-dns                                                   |
+| DNS=192.168.55.1                    | --dns=192.168.55.1                                              |
+| Driver=bridge                       | --driver bridge                                                 |
+| Gateway=192.168.55.3                | --gateway 192.168.55.3                                          |
+| GlobalArgs=--log-level=debug        | --log-level=debug                                               |
+| Internal=true                       | --internal                                                      |
+| IPAMDriver=dhcp                     | --ipam-driver dhcp                                              |
+| IPRange=192.168.55.128/25           | --ip-range 192.168.55.128/25                                    |
+| IPv6=true                           | --ipv6                                                          |
+| Label="XYZ"                         | --label "XYZ"                                                   |
+| NetworkDeleteOnStop=true            | Add ExecStopPost to delete the network when the unit is stopped |
+| NetworkName=foo                     | podman network create foo                                       |
+| Options=isolate=true                | --opt isolate=true                                              |
+| PodmanArgs=--dns=192.168.55.1       | --dns=192.168.55.1                                              |
+| Subnet=192.5.0.0/16                 | --subnet 192.5.0.0/16                                           |
 
 Supported keys in `[Network]` section are:
 
@@ -1429,6 +1430,10 @@ Set one or more OCI labels on the network. The format is a list of
 
 This key can be listed multiple times.
 
+### `NetworkDeleteOnStop=` (defaults to `false`)
+
+When set to `true` the network is deleted when the service is stopped
+
 ### `NetworkName=`
 
 The (optional) name of the Podman network. If this is not specified, the default value of

pkg/systemd/quadlet/quadlet.go

@@ -126,6 +126,7 @@ const (
 	KeyMount                 = "Mount"
 	KeyNetwork               = "Network"
 	KeyNetworkAlias          = "NetworkAlias"
+	KeyNetworkDeleteOnStop   = "NetworkDeleteOnStop"
 	KeyNetworkName           = "NetworkName"
 	KeyNoNewPrivileges       = "NoNewPrivileges"
 	KeyNotify                = "Notify"
@@ -323,6 +324,7 @@ var (
 		KeyIPv6:                 true,
 		KeyInternal:             true,
 		KeyNetworkName:          true,
+		KeyNetworkDeleteOnStop:  true,
 		KeyOptions:              true,
 		KeyServiceName:          true,
 		KeySubnet:               true,
@@ -940,6 +942,12 @@ func ConvertNetwork(network *parser.UnitFile, name string, unitsInfoMap map[stri
 	// Need the containers filesystem mounted to start podman
 	service.Add(UnitGroup, "RequiresMountsFor", "%t/containers")
 
+	if network.LookupBooleanWithDefault(NetworkGroup, KeyNetworkDeleteOnStop, false) {
+		serviceStopPostCmd := createBasePodmanCommand(network, NetworkGroup)
+		serviceStopPostCmd.add("network", "rm", networkName)
+		service.AddCmdline(ServiceGroup, "ExecStopPost", serviceStopPostCmd.Args)
+	}
+
 	podman := createBasePodmanCommand(network, NetworkGroup)
 
 	podman.add("network", "create", "--ignore")

test/e2e/quadlet/delete.network

@@ -0,0 +1,7 @@
+## assert-podman-stop-post-args "network"
+## assert-podman-stop-post-args "rm"
+## assert-podman-stop-post-final-args "test-network"
+
+[Network]
+NetworkName=test-network
+NetworkDeleteOnStop=true

test/e2e/quadlet_test.go

@@ -979,6 +979,7 @@ BOGUS=foo
 		Entry("Network - subnet, gateway and range", "subnet-trio.network"),
 		Entry("Network - global args", "globalargs.network"),
 		Entry("Network - Containers Conf Modules", "containersconfmodule.network"),
+		Entry("Network - Delete on stop", "delete.network"),
 
 		Entry("Image - Basic", "basic.image"),
 		Entry("Image - Architecture", "arch.image"),

test/system/252-quadlet.bats

@@ -517,6 +517,63 @@ EOF
     run_podman network rm $network_name
 }
 
+@test "quadlet - network delete with dependencies" {
+    # Save the unit name to use as the network for the container
+    local network_name=$(safename)
+    local quadlet_network_unit=dep_$(safename).network
+    local quadlet_network_file=$PODMAN_TMPDIR/${quadlet_network_unit}
+    cat > $quadlet_network_file <<EOF
+[Network]
+NetworkName=${network_name}
+NetworkDeleteOnStop=true
+EOF
+
+    local quadlet_tmpdir=$(mktemp -d --tmpdir=$PODMAN_TMPDIR quadlet.XXXXXX)
+    # Have quadlet create the systemd unit file for the network unit
+    run_quadlet "$quadlet_network_file" "$quadlet_tmpdir"
+
+    # Save the network service name since the variable will be overwritten
+    local network_service=$QUADLET_SERVICE_NAME
+
+    local quadlet_container_file=$PODMAN_TMPDIR/user_$(safename).container
+    cat > $quadlet_container_file <<EOF
+[Container]
+Image=$IMAGE
+Exec=top
+Network=$quadlet_network_unit
+EOF
+
+    run_quadlet "$quadlet_container_file" "$quadlet_tmpdir"
+
+    # Save the container service name for readability
+    local container_service=$QUADLET_SERVICE_NAME
+
+    # Network should not exist
+    run_podman 1 network exists $network_name
+
+    # Start the container service
+    service_setup $container_service
+
+    # Network system unit should be active
+    run systemctl show --property=ActiveState "$network_service"
+    assert "$output" = "ActiveState=active" \
+           "network should be active via dependency"
+
+    # Network should exist
+    run_podman network exists $network_name
+
+    # Stop the Network Service
+    service_cleanup $network_service inactive
+
+    # Container system unit should be active
+    run systemctl show --property=ActiveState "$container_service"
+    assert "$output" = "ActiveState=failed" \
+           "container service should be failed via dependency"
+
+    # Network should not exist
+    run_podman 1 network exists $network_name
+}
+
 # A quadlet container depends on a quadlet network
 @test "quadlet - network dependency" {
     # Save the unit name to use as the network for the container