containerd / nerdctl

contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
Apache License 2.0

[CentOS 7] nerdctl run failed.failed to call cni.Setup: plugin type=\"bridge\" failed (add): running (`iptables v1.8.7 (nf_tables): RULE_APPEND failed (Invalid argument): rule in chain POSTROUTING\n"`) #1318

Open xuegege5290 opened 2 years ago

xuegege5290 commented 2 years ago

centos7

Description

> nerdctl --namespace=nerdctl-test run --rm --net host myregistry.domain.com:5001/stargz-containers/alpine:3.13-org
>
> nerdctl --namespace=nerdctl-test ps -a
CONTAINER ID    IMAGE                                                                           COMMAND                   CREATED                   STATUS     PORTS                       NAMES  
c9c847257348    myregistry.domain.com:5001/stargz-containers/alpine:3.13-org                    "/bin/grep shm /proc…"    Less than a second ago    Created                               nerdctl-testcopytocontainer   
> nerdctl --namespace=nerdctl-test start c9c847257348
FATA[0000] failed to create shim: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: time="2022-08-16T06:37:17Z" level=fatal msg="failed to call cni.Setup: plugin type=\"bridge\" failed (add): running [/usr/sbin/iptables -t nat -A POSTROUTING -s 10.4.0.72 -j CNI-641983adac3364af5cf2b254 -m comment --comment name: \"bridge\" id: \"nerdctl-test-c9c8472573488660d111090f204c6d7637614ee4949da9ead7932d9f2103abd4\" --wait]: exit status 4: iptables v1.8.7 (nf_tables):  RULE_APPEND failed (Invalid argument): rule in chain POSTROUTING\n"
Failed to write to log, write /var/lib/nerdctl/1935db59/containers/nerdctl-test/c9c8472573488660d111090f204c6d7637614ee4949da9ead7932d9f2103abd4/oci-hook.createRuntime.log: file already closed: unknown

Steps to reproduce the issue

1. 2. 3.

Describe the results you received and expected

Run it successfully.

What version of nerdctl are you using?

Version: v0.22.1 OS/Arch: linux/amd64

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

No response

Host information

[root@zxsvp_docker_build ~]# nerdctl version
Client:
 Version: v0.22.1
 OS/Arch: linux/amd64
 Git commit: 3c83196ab006154fd1c3bc14bbcc0d3660fb7d5f
 buildctl:
  Version: v0.10.3
  GitCommit: c8d25d9a103b70dc300a4fd55e7e576472284e31

Server:
 containerd:
  Version: 1.5.9
  GitCommit:

xuegege5290 commented 2 years ago
> /usr/bin/bridge -v
CNI bridge plugin v1.0.0

> /usr/sbin/iptables -t nat -A POSTROUTING -s 10.4.0.72 -j CNI-641983adac3364af5cf2b254 -m comment --comment name: \"bridge\" id: \"nerdctl-test-c9c8472573488660d111090f204c6d7637614ee4949da9ead7932d9f2103abd4\" --wait
Bad argument `"bridge"'
Try `iptables -h' or 'iptables --help' for more information.

I tried updating the CNI version to 1.1.1; it still does not work.
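An added example, not part of the original thread: the bracketed command in the hook log is a printed argument list, so pasting it into a shell re-splits the `--comment` text into separate words. The sketch below assumes the plugin passed the whole comment as one argument; `first_stray_arg` is a hypothetical stand-in that mimics only the option layout of this one command (not iptables' real parser), and the container id is a constructed placeholder.

```shell
#!/bin/sh
# Walk an argument vector the way this particular command is laid out and
# print the first word that is neither an option nor an option's value.
first_stray_arg() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -t|-A|-s|-j|-m|--comment)
                # option followed by exactly one value
                shift
                if [ $# -gt 0 ]; then shift; fi
                ;;
            -*)
                # flag without a value, e.g. --wait
                shift
                ;;
            *)
                # leftover word: what a parser reports as a bad argument
                printf '%s\n' "$1"
                return 0
                ;;
        esac
    done
    return 1
}

# Form 1: the log text pasted as-is. The shell turns \"bridge\" into a
# separate word with literal quotes, so --comment only receives "name:".
pasted_from_log() {
    first_stray_arg -t nat -A POSTROUTING -s 10.4.0.72 \
        -j CNI-641983adac3364af5cf2b254 -m comment \
        --comment name: \"bridge\" id: \"nerdctl-test-EXAMPLEID\" --wait
}

# Form 2: the comment kept together as a single argv element.
comment_as_one_arg() {
    first_stray_arg -t nat -A POSTROUTING -s 10.4.0.72 \
        -j CNI-641983adac3364af5cf2b254 -m comment \
        --comment 'name: "bridge" id: "nerdctl-test-EXAMPLEID"' --wait
}

printf 'pasted form, stray word: %s\n' "$(pasted_from_log)"
comment_as_one_arg || echo 'single-argument form: no stray word'
```

The stray word in the pasted form matches the `Bad argument` message in the manual run above, which is a different failure from the `RULE_APPEND failed` error (exit status 4) in the original hook log.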

xuegege5290 commented 2 years ago

@kzys @dqminh @mattfarina @vbatts

xuegege5290 commented 1 year ago

Changing the iptables version solved the problem. But I do not know why nerdctl is related to iptables.

SecGPT commented 3 months ago

Changing the iptables version solved the problem. But I do not know why nerdctl is related to iptables.

@xuegege5290 I had the same problem. Can you tell me which version of iptables? But I use a Debian buildroot system.