NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Podman dnsname not working for default network #200730

Closed jacob-swanson closed 1 year ago

jacob-swanson commented 1 year ago

### Describe the bug

The podman dnsname plugin is not working for the default network, as the defaultNetwork.dnsname.enable option implies. I am able to work around this by creating a custom network manually, but this is undesirable since there doesn't seem to be an easy way to declaratively create a podman network.

### Steps To Reproduce

  1. Configure podman how it's shown in https://nixos.wiki/wiki/Podman
  2. Run nixos-rebuild switch
  3. Check if container dns is working on the default network as shown in https://github.com/containers/dnsname/blob/main/README_PODMAN.md (The --network foobar argument is removed in the example below).

```console
sudo podman run -dt --name web quay.io/libpod/alpine_nginx:latest
5139d65d22135e9ecab511559d863754550894a32285befd94dab231017048c2
sudo podman run -it --name client quay.io/libpod/alpine_nginx:latest curl http://web.dns.podman/
podman rulez
```


### Expected behavior
I expected the `defaultNetwork.dnsname.enable` option to enable dns on the default network.

To work around the issue, I created another network by running `podman network create foobar` and added the `--network=foobar` option to `extraOptions`.

### Screenshots
NA

### Additional context
I am running this in a proxmox lxc container (https://nixos.wiki/wiki/Proxmox_Virtual_Environment#LXC), which may be causing the problem, though it works fine when I create a custom network. I poked around for a while, but didn't find anything conclusive. I'm not really familiar with nixos or podman.

I want to configure an influxdb and a telegraf container. Here's what I have for my current config with my workaround.

```nix
virtualisation = {
  podman = {
    enable = true;
    defaultNetwork.dnsname.enable = true;
    dockerCompat = true;
    dockerSocket.enable = true;
    extraPackages = [ pkgs.zfs ];
  };
};

users.groups.podman.gid = 995;

virtualisation.oci-containers.containers = {
  influxdb2 = {
    image = "influxdb:2.5";
    volumes = [ "/mnt/user/appdata/influxdb2:/var/lib/influxdb2" ];
    ports = [ "8086:8086" ];
    extraOptions = [ "--network=foobar" ];
  };

  telegraf = {
    image = "telegraf:1.24";
    user = "telegraf:${builtins.toString(config.users.groups.podman.gid)}";
    volumes = [
      "/:/hostfs:ro"
      "/var/run/podman/podman.sock:/var/run/docker.sock:ro"
    ];
    environment = {
      HOST_ETC = "/hostfs/etc";
      HOST_PROC = "/hostfs/proc";
      HOST_SYS = "/hostfs/sys";
      HOST_VAR = "/hostfs/var";
      HOST_RUN = "/hostfs/run";
      HOST_MOUNT_PREFIX = "/hostfs";
      INFLUX_TOKEN = "<redacted>";
    };
    cmd = [
      "--config"
      "http://influxdb2.dns.podman:8086/api/v2/telegrafs/0a4528fca40bd000"
    ];
    extraOptions = [
      "--hostname=nixos"
      "--network=foobar"
    ];
  };
};
```


### Notify maintainers
@mikroskeem

### Metadata
```console
[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
this path will be fetched (0.01 MiB download, 0.04 MiB unpacked):
  /nix/store/48mnkga4kh84xyiqwzx8v7iv090i7z66-stdenv-linux
copying path '/nix/store/48mnkga4kh84xyiqwzx8v7iv090i7z66-stdenv-linux' from 'https://cache.nixos.org'...
 - system: `"x86_64-linux"`
 - host os: `Linux 5.15.64-1-pve, NixOS, 22.11 (Raccoon), 22.11pre425156.872fceeed60`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.11.0`
 - channels(root): `"nixos"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`
```

mikroskeem commented 1 year ago

Unable to reproduce on my system with default network.

Tried with:

```console
$ sudo podman run --rm -ti --name web1 python:3.10 python -m http.server 8080
$ sudo podman run --rm -ti --name webclient python:3.10 curl -v http://web1:8080
```

 - system: `"x86_64-linux"`
 - host os: `Linux 5.19.16, NixOS, 22.11 (Raccoon), 22.11.20221024.1e684b3`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.11.0`
 - channels(root): `""`
 - channels(mark): `""`
 - nixpkgs: `/nix/store/083m43hjhry94cvfmqdv7kjpvsl3zzvi-source`

I will try with newer nixpkgs and/or virtualisation.oci-containers soon.

jacob-swanson commented 1 year ago

Thanks for trying to reproduce the problem.

I found a workaround for getting dnsname working on the default network.

I noticed that, for the foobar network I created, /root/.config/cni/net.d/foobar.conflist gets created. I then copied /etc/cni/net.d/87-podman-bridge.conflist into that folder, and dns started working on the default network.

```console
cp /etc/cni/net.d/87-podman-bridge.conflist /root/.config/cni/net.d/
podman system reset
reboot
```
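A declarative alternative to the hand-run `podman network create foobar` plus `--network=foobar` workaround from the first post, added here as an example that is not part of this issue or of nixpkgs: a oneshot systemd unit creates the network idempotently and the container unit that nixpkgs generates is ordered after it, so no manual network creation or conflist copying is needed on a fresh host. It assumes NixOS 22.11 with the podman backend of `virtualisation.oci-containers`; the unit name `podman-network-foobar` is my choice.

```nix
# Added example, not from the issue: create the "foobar" podman network
# declaratively so that containers using --network=foobar can rely on it.
{ config, pkgs, ... }:

{
  virtualisation.podman = {
    enable = true;
    defaultNetwork.dnsname.enable = true;
  };
  virtualisation.oci-containers.backend = "podman";

  # Oneshot unit: creates the network on first boot, no-op afterwards.
  # `podman network inspect` fails when the network does not exist yet.
  systemd.services.podman-network-foobar = {
    description = "Create podman network 'foobar'";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.podman ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    script = ''
      if ! podman network inspect foobar >/dev/null 2>&1; then
        podman network create foobar
      fi
    '';
  };

  virtualisation.oci-containers.containers.influxdb2 = {
    image = "influxdb:2.5";
    volumes = [ "/mnt/user/appdata/influxdb2:/var/lib/influxdb2" ];
    ports = [ "8086:8086" ];
    extraOptions = [ "--network=foobar" ];
  };

  # nixpkgs generates podman-influxdb2.service for the container above;
  # order it after the network unit so the network exists before the
  # container starts, and pull the network unit in if it is not active.
  systemd.services.podman-influxdb2 = {
    after = [ "podman-network-foobar.service" ];
    requires = [ "podman-network-foobar.service" ];
  };
}
```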