commit 4446cbcd19e386bfb457dddf5e208a8184b8f166 Author: Alex Schultz Date: Wed Sep 9 12:19:01 2020 -0600 Configure the default podman network Instead of blanking out the file, we need to configure it. An empty file causes the `podman network` to not function and prevents us from using containers without --net=host. While we don't use this in tripleo today, it is beneficial to not leave podman in a broken state on the undercloud or standalone if we actually wanted to use podman networking for an external container. This change won't remove the network if the interface has been configured and is in use as to not break 'podman network' It should be noted that the default interface was changed in later versions from cni0 to cni-podman0 see podman 3755 (podman > 1.6). Change-Id: Id3ba3a531b8f86d411c843683c94a9d632cbf217 Closes-Bug: #1889510 Closes-Bug: #1898120
diff --git a/releasenotes/notes/configure-podman-cni-788ffa30083acbb5.yaml b/releasenotes/notes/configure-podman-cni-788ffa30083acbb5.yaml
new file mode 100644
index 0000000..40e1679
--- /dev/null
+++ b/releasenotes/notes/configure-podman-cni-788ffa30083acbb5.yaml
@@ -0,0 +1,10 @@
+---
+features:
+ - |
+ A new variable named `tripleo_podman_default_network_config` has been added
+ to be able to configure the default network used by podman. By default the
+ configuration will use `10.255.255.0/24` as a network for podman managed
+ containers. TripleO does not use podman's networking, however removing
+ this configuration (or making it invalid) breaks the `podman network`
+ functions. The network is not applied if it's already running which is
+ indicated by the existance of a cni-podman0 interface.
diff --git a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml
index 623d53c..1a9061f 100644
--- a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml
@@ -34,6 +34,30 @@ tripleo_podman_unqualified_search_registries:
 - registry.centos.org
 - docker.io
 tripleo_podman_insecure_registries: "{{ tripleo_container_registry_insecure_registries }}"
+# this is the default network configuration except the range has been moved
+# from 10.88.0.0/16 to 10.255.255.0/24 to try and prevent a conflict in an
+# existing cloud
+tripleo_podman_default_network_config:
+ cniVersion: 0.4.0
+ name: podman
+ plugins:
+ - type: bridge
+ bridge: cni-podman0
+ isGateway: true
+ ipMasq: true
+ hairpinMode: true
+ ipam:
+ type: host-local
+ routes:
+ - dst: 0.0.0.0/0
+ ranges:
+ - - subnet: 10.255.255.0/24
+ gateway: 10.255.255.1
+ - type: portmap
+ capabilities:
+ portMappings: true
+ - type: firewall
+ - type: tuning
 # tripleo_podman_registries requires a list of dictionaries
 # Example:
 # tripleo_podman_registries:
diff --git a/tripleo_ansible/roles/tripleo_podman/molecule/install/converge.yml b/tripleo_ansible/roles/tripleo_podman/molecule/install/converge.yml
index d69881f..7d70d1e 100644
--- a/tripleo_ansible/roles/tripleo_podman/molecule/install/converge.yml
+++ b/tripleo_ansible/roles/tripleo_podman/molecule/install/converge.yml
@@ -23,3 +23,7 @@
 name: tripleo_podman
 tasks_from: tripleo_podman_install.yml
 vars_from: "redhat.yml"
+ # https://bugs.launchpad.net/bugs/1889510
+ - name: Test podman network ls
+ become: true
+ command: podman network ls
diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml
index cdf6276..490bc8a 100644
--- a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml
+++ b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml
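Review bot: The comment above `tripleo_podman_default_network_config` explains why the range moved but not how an operator should change it, and the values sit deep in the nested `ranges` entry (`- - subnet: 10.255.255.0/24` / `gateway: 10.255.255.1`). Unless the deployment enables dict merging, Ansible replaces a dict variable wholesale, so changing the subnet means supplying the whole mapping. Per the release note, an invalid mapping breaks `podman network`. I would extend the comment with something like `# to use another range, override the whole mapping; the gateway must sit inside the subnet`. It would also help to state there that `ipMasq: true` and the `portmap`/`firewall` plugins presumably make the host manage NAT and firewall rules for containers on this bridge; that is inferred from the plugin names, not shown in the hunk.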
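Review bot: The added `Test podman network ls` task in converge.yml only proves that the command exits 0, and as a bare `command` it reports `changed` on every run. Adding `changed_when: false` would keep an idempotence run clean, if this scenario has one. Registering the output and asserting that the `podman` network appears in it would tie the test to the bug referenced in the comment rather than to the exit code alone. The play that holds these tasks starts above the hunk.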
@@ -26,30 +26,23 @@ name: "{{ tripleo_podman_packages }}" state: latest - - name: Check for cni0 interface - command: ip link show cni0 - changed_when: false - failed_when: false - register: cni0_interface - - - name: Delete cni0 interface + - name: Delete legacy cni0 interface (podman < 1.6) command: ip link delete cni0 when: - - cni0_interface.rc is defined - - cni0_interface.rc == 0 - - - name: Check if 87-podman-bridge.conflist exists - stat: - path: /etc/cni/net.d/87-podman-bridge.conflist - register: podman_bridge_config + - '"cni0" in ansible_interfaces' - - name: Remove default cni config for cni0 if exists + # don't update the network config if the network is already running + # meaning cni-podman0 is running somewhere + - name: Update default network configuration if possible copy: dest: /etc/cni/net.d/87-podman-bridge.conflist - content: '' - force: true + content: "{{ tripleo_podman_default_network_config | to_json }}" + mode: '0644' + owner: root + group: root when: - - podman_bridge_config.stat.exists | bool + - '"cni-podman0" not in ansible_interfaces' + - name: Write containers registries.conf template: