abiosoft
commented
2 years ago @B-0-B-B-Y are you behind a proxy or VPN ?
Closed B-0-B-B-Y closed 2 years ago
abiosoft
commented
2 years ago @B-0-B-B-Y are you behind a proxy or VPN ?
B-0-B-B-Y
commented
2 years ago @B-0-B-B-Y are you behind a proxy or VPN ?
I have Cisco AnyConnect installed, but when trying this I'm not connected via the VPN, just directly to my home router via WiFi. Does the presence of the VPN created network interfaces interfere with Colima?
abiosoft
commented
2 years ago Yeah, there are known issues with VPN at the moment.
Does it work if you specify custom dns with the --dns flag.
e.g. colima start --dns 8.8.8.8.
B-0-B-B-Y
commented
2 years ago Yeah, there are known issues with VPN at the moment. Does it work if you specify custom dns with the
--dnsflag. e.g.colima start --dns 8.8.8.8.
Have tried with the --dns options as well yeah, I tried --dns 8.8.8.8 and also my router IP as well --dns 192.168.1.1, neither worked π€ is there perhaps a way to directly pass down a specific network interface to the VM instead?
abiosoft
commented
2 years ago This is a very strange scenario. Can you try using the containerd runtime and see if the behaviour is same.
colima delete
colima start --runtime containerd
colima nerdctl -- run --rm -it alpine ping google.comThis is a very strange scenario. Can you try using the containerd runtime and see if the behaviour is same.
colima delete colima start --runtime containerd colima nerdctl -- run --rm -it alpine ping google.com
Using the containerd runtime, pinging google.com does in fact resolve correctly. Will try and build one of our images with those external IP dependencies now and see if that can build successfully through containerd as well. Like you said, this is a very strange scenario indeed...
B-0-B-B-Y
commented
2 years ago @abiosoft on containerd, am getting issues resolving some packages with apt install:
#6 1.362 Ign:32 http://ports.ubuntu.com/ubuntu-ports bionic-security/main i386 Packages
#6 1.377 Err:26 http://ports.ubuntu.com/ubuntu-ports bionic-security/universe i386 Packages
#6 1.377 404 Not Found [IP: 91.189.88.152 80]
#6 1.385 Ign:27 http://ports.ubuntu.com/ubuntu-ports bionic-security/restricted i386 Packages
#6 1.385 Ign:29 http://ports.ubuntu.com/ubuntu-ports bionic-security/multiverse i386 Packages
#6 1.400 Ign:32 http://ports.ubuntu.com/ubuntu-ports bionic-security/main i386 Packages
#6 1.714 Fetched 19.6 MB in 2s (11.7 MB/s)
#6 1.714 Reading package lists...
#6 1.720 E: Failed to fetch http://ports.ubuntu.com/ubuntu-ports/dists/bionic/multiverse/binary-i386/Packages 404 Not Found [IP: 91.189.88.152 80]
#6 1.720 E: Failed to fetch http://ports.ubuntu.com/ubuntu-ports/dists/bionic-updates/restricted/binary-i386/Packages 404 Not Found [IP: 91.189.88.152 80]
#6 1.720 E: Failed to fetch http://ports.ubuntu.com/ubuntu-ports/dists/bionic-backports/universe/binary-i386/Packages 404 Not Found [IP: 91.189.88.152 80]
#6 1.720 E: Failed to fetch http://ports.ubuntu.com/ubuntu-ports/dists/bionic-security/universe/binary-i386/Packages 404 Not Found [IP: 91.189.88.152 80]@B-0-B-B-Y it is likely related to this https://github.com/abiosoft/colima/issues/140. Though the issues reported are linked to heavy network load and yours does not look like a heavy network load.
Nonetheless a fix is imminent. And I would appreciate if you can stick around and help with testing the fix when it is pushed.
B-0-B-B-Y
commented
2 years ago 140
Okay thanks for the heads up, just read through the thread, any idea when this change is scheduled to release? And yes, will be testing the new version which hopefully solves the issues we're facing (would really prefer to not have to go back to docker desktop)
abiosoft
commented
2 years ago It should be available for testing by weekend. I would prefer some user feedback before pushing a release.
Thanks.
B-0-B-B-Y
commented
2 years ago @abiosoft sure, feel free to ping me on here when it becomes available for testing, will try it out π
ryderdain
commented
2 years ago Just to add in, I'm having the exact same issue on a new M1 running 12.3, even after updating colima to HEAD. Apologies, I've included a lot:
colima version HEAD-5a4a704
git commit: 5a4a70481ca8d1e794677f22524e3c1b79a9b4ae
runtime: docker
arch: aarch64
client: v20.10.13
server: v20.10.11
kubernetes
Client Version: v1.23.5
Server Version: v1.22.4+k3s1
limactl version 0.9.1
qemu-img version 6.2.0
Copyright (c) 2003-2021 Fabrice Bellard and the QEMU Project developersRunning a similar test:
$ docker run alpine ping google.com -c 3
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
148d739a8e6b: Pull complete
Digest: sha256:3c4222bc5d16ab768ce961fec6fb14150586c84437840a5f9e7086445f60a015
Status: Downloaded newer image for alpine:latest
PING google.com (142.251.36.174): 56 data bytes
--- google.com ping statistics ---
3 packets transmitted, 0 packets received, 100% packet lossI followed this issue here from #140 and also ran the jordi/ab test with the same negative results:
$ docker run --rm jordi/ab -c 100 -n 1000 https://files.pythonhosted.org/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl
Unable to find image 'jordi/ab:latest' locally
latest: Pulling from jordi/ab
8e3ba11ec2a2: Pull complete
391b77375ac6: Pull complete
Digest: sha256:e73ba5f38be047448267bcfbab191bbea88017150578ef2dd3b0942a0e0d6a56
Status: Downloaded newer image for jordi/ab:latest
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
This is ApacheBench, Version 2.3 <$Revision: 1826891 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking files.pythonhosted.org (be patient)
SSL read failed (5) - closing connection
SSL read failed (5) - closing connection
[snip..]
SSL read failed (5) - closing connection
SSL read failed (5) - closing connection
Finished 1000 requests
Server Software: UploadServer
Server Hostname: files.pythonhosted.org
Server Port: 443
SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128
TLS Server Name: files.pythonhosted.org
Document Path: /packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl
Document Length: 11053 bytes
Concurrency Level: 100
Time taken for tests: 0.916 seconds
Complete requests: 1000
Failed requests: 1643
(Connect: 0, Receive: 0, Length: 985, Exceptions: 658)
Total transferred: 2118278 bytes
HTML transferred: 1967434 bytes
Requests per second: 1092.23 [#/sec] (mean)
Time per request: 91.556 [ms] (mean)
Time per request: 0.916 [ms] (mean, across all concurrent requests)
Transfer rate: 2259.42 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 40 88.6 0 297
Processing: 0 37 52.4 22 286
Waiting: 14 37 24.1 29 167
Total: 0 77 129.6 22 560
Percentage of the requests served within a certain time (ms)
50% 22
66% 30
75% 34
80% 63
90% 342
95% 358
98% 386
99% 409
100% 560 (longest request)Lastly, followed and repeated your test with containerd as above but it did not succeed; DNS seems to be resolving fine, but for some hosts I still end up with DUP packets returned:
[ 0 1160:1159 - 0:581] 11:54:57 [rdain@falkor :o +1 ~]
$ colima start --runtime containerd
INFO[0000] using containerd runtime
INFO[0000] starting colima
INFO[0000] starting ... context=vm
INFO[0022] starting ... context=containerd
INFO[0027] waiting for startup to complete ... context=containerd
INFO[0027] starting ... context=kubernetes
INFO[0032] done
[ 0 1160:1159 - 0:582] 11:55:37 [rdain@falkor :o +1 ~]
$ colima nerdctl -- run --rm -it alpine ping -c 3 google.com
PING google.com (142.250.184.206): 56 data bytes
--- google.com ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
FATA[0012] exit status 1
docker.io/library/busybox:latest: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:caa382c432891547782ce7140fb3b7304613d3b0438834dce1cad68896ab110a: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:7043bc752716f483606c271f78e2ee0ead067607f51bdd01727b1a280a8f0b40: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:d38589532d9756ff743d2149a143bfad79833261ff18c24b22088183a651ff65: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:aa5434a6d997546a878671e17a2fe727177204ef87ce1c66367f226e78f06e5b: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 3.4 s total: 813.2 (239.2 KiB/s)
PING google.com (142.250.184.206): 56 data bytes
--- google.com ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
FATA[0015] exit status 1 I'd be happy to update and test any patches aiming to address this issue.
celomoth
commented
2 years ago The same version encountered the same problem, apt-get randomly failed to compile some packages during the process of compiling the container, resulting in the container not being compiled properly.
khalo-sa
commented
2 years ago I'm on a MBP with M1 too, and started noticing these network problems in containers today.
Cisco Anyconnect VPN is installed on my computer, but the problem occurs without being connected to the VPN. Also, this never happened before with Colima.
Some bits of info that might help identify the problem:
Executing docker run --rm ubuntu:20.04 cat /etc/resolv.conf does not show the same nameserver compared to cat /etc/resolv.conf on my host machine. From my understanding the two should be identical.
If I start a container like this:
docker run --rm -it ubuntu:20.04
Then install a dependency like this
apt-get update; apt-get install -y iputils-ping
It actually works! So apparently it can connect to the ubuntu servers.
But if I now try to ping the same (or any other) server, it fails:
ping ports.ubuntu.com
29 packets transmitted, 0 received, 100% packet loss, time 28333ms
If I start Colima with colima start --dns 8.8.8.8,
and execute docker run --rm ubuntu:20.04 cat /etc/resolv.conf
the nameserver is correctly changed to 8.8.8.8.
However, the behavior mentioned above is unchanged.
> sw_vers -productVersion
12.3> colima version
colima version 0.3.4
git commit: 5a4a70481ca8d1e794677f22524e3c1b79a9b4ae
runtime: docker
arch: aarch64
client: v20.10.13
server: v20.10.11> lima --version
limactl version 0.9.1Kindly install the current development version with brew install --HEAD colima and give it a try.
Thanks.
khalo-sa
commented
2 years ago Thank you @abiosoft
I'm running into an error when trying to create a new VM with the new version: β― colima start --cpu 4 --memory 4 --disk 40 INFO[0000] starting colima INFO[0000] preparing network ... context=vm WARN[0005] error starting network: error at 'preparing network': stat /Users/khalosa/.colima/network/vmnet.ptp: no such file or directory context=vm INFO[0005] creating and starting ... context=vm
62.67 MiB / 167.88 MiB (37.33%) ? p/s 126.23 MiB / 167.88 MiB (75.19%) 12.71 MiB/s 167.88 MiB / 167.88 MiB (100.00%) 19.76 MiB/stime="2022-03-19T17:09:53+01:00" level=info msg="Downloaded image from \"https://github.com/a msg="[hostagent] cannot use VNL \"/Users/khalosa/.colima/network/vmnet.ptp\": stat /Users/khalosa/.colima/network/vmnet.ptp: no such file or direc msg="host agent process has exited: exit status 1" FATA[0019] error starting vm: error at 'creating and starting': exit status 1
abiosoft
commented
2 years ago Can you kindly share the output of /Users/khalosa/.colima/network/vmnet.stderr
khalo-sa
commented
2 years ago Sure! Seems like it is looking for files in your home directory "/Users/abiola" :)
dyld[95676]: Library not loaded: /Users/abiola/projects/golang/colima/_build/network/dist/x86_64/lib/libvdeplug.3.dylib Referenced from: /opt/colima/bin/vde_vmnet Reason: tried: '/Users/abiola/projects/golang/colima/_build/network/dist/x86_64/lib/libvdeplug.3.dylib' (no such file), '/usr/local/lib/libvdeplug.3.dylib' (no such file), '/usr/lib/libvdeplug.3.dylib' (no such file) time="2022-03-19T17:09:34+01:00" level=fatal msg="signal: abort trap"
abiosoft
commented
2 years ago Oh, I need to include the library. Will fix that soon.
Thanks.
abiosoft
commented
2 years ago @khalo-sa can you try again?
khalo-sa
commented
2 years ago sure @abiosoft , I reinstalled via brew reinstall colima. colima version output:
colima version HEAD-5e2e413 git commit: 5e2e41310e595553dcdc29ba45827d4030af37bb
Then I deleted the old vm colima delete, and created/started a new one colima start.
This time, the creation process was not interrupted. However, I still got this warning:
WARN[0015] error starting network: error at 'preparing network': stat /Users/khalosa/.colima/network/vmnet.ptp: no such file or directory
And indeed, the file "/Users/khalosa/.colima/network/vmnet.ptp" is not there.
So maybe not surprising, the weird networking behavior is still unchanged, e.g. docker run --rm -it busybox ping 8.8.8.8 has 100% packet loss, while perfectly working on the same machine with Docker Desktop.
khalo-sa
commented
2 years ago @abiosoft I have tested a couple more times, and always get the warning about the missing "~/.colima/network/vmnet.ptp". Should I create a new issue for this or what are your thoughts on this?
abiosoft
commented
2 years ago @khalo-sa can you kindly share the contents of /etc/sudoers.d/colima?
khalo-sa
commented
2 years ago β― cat /etc/sudoers.d/colima %staff ALL=(root:wheel) NOPASSWD:NOSETENV: /opt/colima/bin/colima-vmnet
abiosoft
commented
2 years ago @khalo-sa yes, you can create a new issue. Kindly specify the version you tested with in the issue.
Thanks.
snacktary
commented
2 years ago Installed the master version of colima, but encountered other problems. MacBook-Pro ~ % docker ps Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Where should I redirect my DOCKER_HOST to in order to connect to colima's server ?
snacktary
commented
2 years ago % colima status INFO[0000] colima is running INFO[0000] runtime: containerd INFO[0000] arch: aarch64
% colima stop INFO[0000] stopping colima INFO[0000] stopping ... context=containerd INFO[0000] stopping ... context=vm INFO[0003] done
% colima start INFO[0000] using containerd runtime INFO[0000] starting colima INFO[0000] preparing network ... context=vm WARN[0015] error starting network: error at 'preparing network': stat /Users/apple/.colima/network/vmnet.ptp: no such file or directory context=vm INFO[0015] starting ... context=vm INFO[0037] starting ... context=containerd INFO[0037] waiting for startup to complete ... context=containerd INFO[0042] done
I searched the issue and found colima's docker.sock in ~/.colima/docker.sock, so I specified it with DOCKER_HOST, but still had problems % export DOCKER_HOST=unix:///Users/apple/.colima/docker.sock
% docker ps Cannot connect to the Docker daemon at unix:///Users/apple/.colima/docker.sock. Is the docker daemon running?
What I want to know is where is the docker.sock for colima? I don't find a file for it in ~/.colima/
below is some logs: % cat ~/.colima/network/vmnet.stderr dyld[98736]: Library not loaded: /opt/colima/lib/libvdeplug.3.dylib Referenced from: /opt/colima/bin/vde_vmnet Reason: tried: '/opt/colima/lib/libvdeplug.3.dylib' (mach-o file, but is an incompatible architecture (have 'arm64e', need 'x86_64')), '/usr/local/lib/libvdeplug.3.dylib' (no such file), '/usr/lib/libvdeplug.3.dylib' (no such file) time="2022-03-21T18:01:06+08:00" level=fatal msg="signal: abort trap" dyld[6223]: Library not loaded: /opt/colima/lib/libvdeplug.3.dylib Referenced from: /opt/colima/bin/vde_vmnet Reason: tried: '/opt/colima/lib/libvdeplug.3.dylib' (mach-o file, but is an incompatible architecture (have 'arm64e', need 'x86_64')), '/usr/local/lib/libvdeplug.3.dylib' (no such file), '/usr/lib/libvdeplug.3.dylib' (no such file) time="2022-03-22T10:16:18+08:00" level=fatal msg="signal: abort trap" dyld[7517]: Library not loaded: /opt/colima/lib/libvdeplug.3.dylib Referenced from: /opt/colima/bin/vde_vmnet Reason: tried: '/opt/colima/lib/libvdeplug.3.dylib' (mach-o file, but is an incompatible architecture (have 'arm64e', need 'x86_64')), '/usr/local/lib/libvdeplug.3.dylib' (no such file), '/usr/lib/libvdeplug.3.dylib' (no such file) time="2022-03-22T10:54:03+08:00" level=fatal msg="signal: abort trap"
% brew reinstall colima try this command then docker ps work. but the network problems still occur randomly, and it is very easy to report errors during the compilation of docker images.
[uap internal] load metadata for docker.io/library/php:7.2.24-fpm-buster:
failed to solve: failed to solve with frontend dockerfile.v0: failed to create LLB definition: failed to do request: Head "https://registry-1.docker.io/v2/library/php/manifests/7.2.24-fpm-buster": dial tcp: lookup registry-1.docker.io on 192.168.5.3:53: read udp 192.168.5.15:57511->192.168.5.3:53: i/o timeout
[core 21/41] RUN opm get SkyLothar/lua-resty-jwt:
83 0.290 * Fetching SkyLothar/lua-resty-jwt
83 10.40 curl: (6) Could not resolve host: opm.openresty.org
83 10.40 ERROR: failed to run command "curl -sS -i -A 'opm 0.0.6 (aarch64-linux-gnu-thread-multi, perl v5.28.1)' 'https://opm.openresty.org/api/pkg/fetch?account=SkyLothar&name=lua-resty-jwt&op=&version='"
failed to solve: executor failed running [/bin/sh -c opm get SkyLothar/lua-resty-jwt]: exit code: 6
update: finally used the specified DNS network problem disappeared, thank you colima start --dns 8.8.8.8
abiosoft
commented
2 years ago Installed the master version of colima, but encountered other problems. MacBook-Pro ~ % docker ps Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Where should I redirect my DOCKER_HOST to in order to connect to colima's server ?
That is expected if you are using the containerd runtime, as it doesn't start the docker server.
B-0-B-B-Y
commented
2 years ago @abiosoft Tried with brew install --HEAD colima but still get the same ENETUNREACH error when trying to build our image
Output of colima ls:
β― colima ls
PROFILE STATUS ARCH CPUS MEMORY DISK ADDRESS
default Running aarch64 2 2GiB 60GiB@B-0-B-B-Y @snacktary @khalo-sa I finally found the issue and should be fixed on m1 devices now. Some users have reported success on m1 devices.
khalo-sa
commented
2 years ago thank you for your efforts @abiosoft , unfortunately still not working.
colima version
colima version HEAD-3fc20b2 git commit: 3fc20b25c32b5a274fede77e52e8ae952b5393e6
runtime: docker arch: aarch64 client: v20.10.13 server: v20.10.11
colima start
INFO[0000] using docker runtime INFO[0000] starting colima INFO[0000] preparing network ... context=vm WARN[0015] error starting network: error at 'preparing network': stat /Users/skh/.colima/network/vmnet.ptp: no such file or directory context=vm INFO[0015] starting ... context=vm INFO[0037] provisioning ... context=docker INFO[0037] starting ... context=docker INFO[0037] waiting for startup to complete ... context=docker INFO[0042] done
cat ~/.colima/network/vmnet.stderr
dyld[16935]: Library not loaded: /opt/colima/lib/libvdeplug.3.dylib Referenced from: /opt/colima/bin/vde_vmnet Reason: tried: '/opt/colima/lib/libvdeplug.3.dylib' (mach-o file, but is an incompatible architecture (have 'arm64e', need 'x86_64')), '/usr/local/lib/libvdeplug.3.dylib' (no such file), '/usr/lib/libvdeplug.3.dylib' (no such file) time="2022-03-23T20:32:42+01:00" level=fatal msg="signal: abort trap" dyld[17084]: Library not loaded: /opt/colima/lib/libvdeplug.3.dylib Referenced from: /opt/colima/bin/vde_vmnet Reason: tried: '/opt/colima/lib/libvdeplug.3.dylib' (mach-o file, but is an incompatible architecture (have 'arm64e', need 'x86_64')), '/usr/local/lib/libvdeplug.3.dylib' (no such file), '/usr/lib/libvdeplug.3.dylib' (no such file) time="2022-03-23T20:33:43+01:00" level=fatal msg="signal: abort trap"
abiosoft
commented
2 years ago @khalo-sa sorry, can you kindly clear the /opt/colima directory and try again. sudo rm -rf /opt/colima.
It is likely using the existing libraries that are incorrect.
I will look for a way to integrate resetting the network setup.
khalo-sa
commented
2 years ago @abiosoft no sorry, thank you for your great work. Your assumption was correct, it is working now. At first sight it looks like all the network issues are gone. I can also confirm the reduced upload speed from #232 .
docker run --rm robinmanuelthiel/speedtest:latest
Docker-Desktop
Your download speed is 107 Mbps (13418971 Bytes/s).
Your upload speed is 39 Mbps (4901071 Bytes/s).
Your ping is 12.56 ms.Colima (vmnet)
Your download speed is 107 Mbps (13417860 Bytes/s).
Your upload speed is 8 Mbps (1079057 Bytes/s).
Your ping is 12.033 ms.No dealbreaker for me, I prefer a stable network over high upload speed π
B-0-B-B-Y
commented
2 years ago @abiosoft Awesome, checking out newest HEAD release + clearing /opt/colima works great, the build container now has access to our external IP address for pulling in the necessary files and can build the image as expected locally, thank you very much for the quick turnaround with this issue! π
Only problem I can see now is that networking doesn't seem to work if I connect to Cisco VPN. So if I build images without VPN, everything works fine, then when I get onto the company VPN in order to be able to push the image to our private repository, I get connection timeouts on the push, which wasn't happening before, as I have pushed images to our private repository before using colima + VPN. Any ideas?
abiosoft
commented
2 years ago Only problem I can see now is that networking doesn't seem to work if I connect to Cisco VPN. So if I build images without VPN, everything works fine, then when I get onto the company VPN in order to be able to push the image to our private repository, I get connection timeouts on the push, which wasn't happening before, as I have pushed images to our private repository before using colima + VPN. Any ideas?
@B-0-B-B-Y
Are you able to confirm if this is a dns resolution issue i.e. are you able to push to the registry via the IP address instead. If yes can you try using vmnet for dns 192.168.106.1 and see if that changes anything.
B-0-B-B-Y
commented
2 years ago @abiosoft I'm unable to push using IP neither, and trying to use vmnet as the dns setting doesn't change anything unfortunately. Our IT department manages our VPN configuration, and I had a look, split tunneling is disabled for us, not sure if that affects anything but figured it's worth mentioning on here. My guess is that it does affect things, because running colima ls, I can see that colima vm gets given a 192.168.x.x address, but when connected to the VPN, I don't have access to those IP ranges
abiosoft
commented
2 years ago @B-0-B-B-Y @khalo-sa can you try the current main branch? brew install --head colima.
Kindly note that there there are some underlying changes to how the configs are now saved. If you do not want your workloads affected you can simply back up ~/.colima before testing.
Device: M1 Macbook 2020 OS: Monterey Colima info:
Colima setup steps taken:
I am unable to access/resolve external IPs from inside any docker container built with colima. This prevents me from building images properly as required files cannot be installed. A simple example I did to carry verify networking wasn't working correctly:
Error I am seeing when building one of our actual images that requires installation of some files from a remote IP address:
Is there something I am missing / not doing correctly? I tried running the docker build command with --network=host, but didn't help either?