Open mcastelino opened 6 years ago
docker version
Client:
Version: 17.05.0-ce
API version: 1.29
Go version: go1.9
Git commit: 7392c3b0ce0f9d3e918a321c66668c5d1ef4f689
Built: Wed Sep 20 09:30:15 2017
OS/Arch: linux/amd64
Server:
Version: 17.05.0-ce
API version: 1.29 (minimum version 1.12)
Go version: go1.9
Git commit: 7392c3b0ce0f9d3e918a321c66668c5d1ef4f689
Built: Wed Sep 20 09:30:15 2017
OS/Arch: linux/amd64
Experimental: false
cc-runtime version
cc-runtime : 3.0.0-beta.2
commit : <<unknown>>
OCI specs: 1.0.0-rc5
Note: Docker is built using a different version of Go in the case of Docker-supplied packages.
docker version
Client:
Version: 17.06.0-ce
API version: 1.30
Go version: go1.8.3
Git commit: 02c1d87
Built: Fri Jun 23 21:23:42 2017
OS/Arch: linux/amd64
Server:
Version: 17.06.0-ce
API version: 1.30 (minimum version 1.12)
Go version: go1.8.3
Git commit: 02c1d87
Built: Fri Jun 23 21:25:02 2017
OS/Arch: linux/amd64
Experimental: false
Docker is actually creating the interfaces, per dmesg. Looks like it is creating them in the wrong ns or maybe even on the host itself. The dmesg logs indicate the creation and deletion.
[ 9667.861101] docker0: port 1(veth7f1faef) entered blocking state
[ 9667.861103] docker0: port 1(veth7f1faef) entered disabled state
[ 9667.861156] device veth7f1faef entered promiscuous mode
[ 9667.861256] IPv6: ADDRCONF(NETDEV_UP): veth7f1faef: link is not ready
[ 9667.861257] docker0: port 1(veth7f1faef) entered blocking state
[ 9667.861259] docker0: port 1(veth7f1faef) entered forwarding state
[ 9667.861813] docker0: port 1(veth7f1faef) entered disabled state
[ 9667.914435] eth0: renamed from vethcaa37ad
[ 9667.925591] IPv6: ADDRCONF(NETDEV_CHANGE): veth7f1faef: link becomes ready
[ 9667.925674] docker0: port 1(veth7f1faef) entered blocking state
[ 9667.925675] docker0: port 1(veth7f1faef) entered forwarding state
[ 9667.958828] vethcaa37ad: renamed from eth0
[ 9667.970392] docker0: port 1(veth7f1faef) entered disabled state
[ 9667.983367] docker0: port 1(veth7f1faef) entered disabled state
[ 9667.985221] device veth7f1faef left promiscuous mode
[ 9667.985224] docker0: port 1(veth7f1faef) entered disabled state
Looks like we have a bug in our network namespace scanning logic. If there are interfaces we do not expect to see, like GRE, which appear when GRE tunnels are created on the host, we do not ignore them and move on. We need to change our scanning logic to ignore interfaces such as gre0 and gretap0, which are side effects of tunnel creation on the host.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
link/gre 0.0.0.0 brd 0.0.0.0
3: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
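The scanning change described above, sketched as an added example (not the virtcontainers code and not the fix in the linked pull request): it parses `ip addr`-style output and skips `lo`, `gre0` and `gretap0` instead of failing on them. The `eth0` entry in the sample, the skip list, and the names `ParseIPAddr` and `ContainerIfaces` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: the `ip addr` lines from the comment above, plus a
// hypothetical eth0 veth end (name and MAC invented) for the scan to find.
const sampleIPAddr = `1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
link/gre 0.0.0.0 brd 0.0.0.0
3: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff`

// Assumed skip list: loopback plus the two tunnel side-effect devices named above.
var ignored = map[string]bool{"lo": true, "gre0": true, "gretap0": true}

type Iface struct{ Name, LinkType string } // one interface from `ip addr` output

// ParseIPAddr reads "N: name@peer: <flags>" headers and their "link/<type>" lines.
func ParseIPAddr(out string) []Iface {
	var ifaces []Iface
	for _, line := range strings.Split(out, "\n") {
		f := strings.Fields(line)
		if len(f) > 1 && strings.HasSuffix(f[0], ":") && strings.HasSuffix(f[1], ":") {
			name := strings.SplitN(strings.TrimSuffix(f[1], ":"), "@", 2)[0]
			ifaces = append(ifaces, Iface{Name: name})
		} else if len(f) > 0 && strings.HasPrefix(f[0], "link/") && len(ifaces) > 0 {
			ifaces[len(ifaces)-1].LinkType = strings.TrimPrefix(f[0], "link/")
		}
	}
	return ifaces
}

// ContainerIfaces skips listed names and non-Ethernet links rather than failing.
// gretap0 reports link/ether, so the link type alone would not exclude it.
func ContainerIfaces(all []Iface) []Iface {
	var keep []Iface
	for _, i := range all {
		if !ignored[i.Name] && i.LinkType == "ether" {
			keep = append(keep, i)
		}
	}
	return keep
}

func main() { fmt.Println(ContainerIfaces(ParseIPAddr(sampleIPAddr))) }
```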
/cc @jcvenegas for the 'qemu left running bit', as iirc he was looking at that area recently??
Fixed by https://github.com/containers/virtcontainers/pull/394 Needs re-vendoring
Description of problem
docker run -itd alpine sh
Expected result
Container up with networking
Actual result
Runtime logs
The netns is actually set up
The docker logs show the networking pre-hook being called
However it looks like the interface was set up either in the wrong namespace or we scanned the wrong namespace on hook return
Note: Also QEMU is left running even though the container was never launched