containerd / nerdctl

contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
Apache License 2.0

failed to call cni.Setup: plugin type="macvlan" failed (add): Link not found #2490

Open adoyle-h opened 1 year ago

adoyle-h commented 1 year ago

Description

I want to create a container with a macvlan network. But it fails when starting the container. It reports "Link not found", but the network device actually exists.

I have read the document.

Steps to reproduce the issue

  1. nerdctl network create adguard --driver macvlan -o mode=bridge -o parent=enp1s0 --gateway=192.168.1.2 --subnet=192.168.1.0/24
  2. nerdctl run -it --network adguard adguard/adguardhome:v0.107.38

Describe the results you received and expected

> nerdctl run -it --network adguard adguard/adguardhome:v0.107.38
FATA[0000] failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: time="2023-09-13T03:07:37+08:00" level=fatal msg="failed to call cni.Setup: plugin type=\"macvlan\" failed (add): Link not found"
Failed to write to log, write /home/adoyle/.local/share/nerdctl/1935db59/containers/default/2a881648d06c97c85bca42b7797149c253621e64427abd10731d955f3d8379f3/oci-hook.createRuntime.log: file already closed: unknown
> cat ~/.config/cni/net.d/nerdctl-adguard.conflist
{
  "cniVersion": "1.0.0",
  "name": "adguard",
  "nerdctlID": "253c581cf9cdef5cb2731ce55dbc714d3650056b663f9b3f60c5511f2f4e8436",
  "nerdctlLabels": {},
  "plugins": [
    {
      "type": "macvlan",
      "master": "enp1s0",
      "mode": "bridge",
      "ipam": {
        "ranges": [
          [
            {
              "gateway": "192.168.1.2",
              "subnet": "192.168.1.0/24"
            }
          ]
        ],
        "routes": [
          {
            "dst": "0.0.0.0/0"
          }
        ],
        "type": "host-local"
      }
    }
  ]
}

The enp1s0 device exists.

> ip a show enp1s0
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 7c:83:34:b9:d3:d1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global dynamic enp1s0
       valid_lft 79415sec preferred_lft 79415sec
    inet6 fe80::c930:f189:d3ba:fe04/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

What version of nerdctl are you using?

nerdctl version 1.5.0, rootless install.

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

Client:
  Namespace: default
  Debug Mode: false

Server:
  Server Version: v1.7.2
  Storage Driver: overlayfs
  Logging Driver: json-file
  Cgroup Driver: systemd
  Cgroup Version: 2
  Plugins:
    Log: fluentd journald json-file syslog
    Storage: native overlayfs
  Security Options:
    seccomp
      Profile: default
    cgroupns
    rootless
  Kernel Version: 6.3.9-arch1-1
  Operating System: Arch Linux
  OSType: linux
  Architecture: x86_64
  CPUs: 4
  Total Memory: 15.4GiB
  Name: A02
  ID: 7ad6f773-a5c1-4e54-9d91-c881dfd0972a

AkihiroSuda commented 1 year ago

Please try sudo nerdctl

adoyle-h commented 1 year ago
> sudo nerdctl run -it --network adguard adguard/adguardhome:v0.107.38
FATA[0000] cannot access containerd socket "/run/containerd/containerd.sock": no such file or directory

I am using the rootless nerdctl. @AkihiroSuda

AkihiroSuda commented 1 year ago

Macvlan is unsupported for rootless.

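The "Link not found" in the first report follows from the rootless setup rather than from the conflist: in rootless mode, containerd and the CNI plugins it invokes run inside the network namespace that RootlessKit creates for the user, which typically holds only lo and the slirp4netns tap device. enp1s0 lives in the host's namespace, so the macvlan plugin cannot find the master it is asked to attach to. The following Go program is an added example, not nerdctl's or the CNI plugins' own code: it parses a conflist the way the one shown above is shaped, pulls out the master of every macvlan/ipvlan plugin, and reports which of them are not visible from the namespace the program runs in. The embedded conflist is a constructed, trimmed copy of the reporter's; `missingMasters`, `currentLinks` and the program name are this example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"os"
)

// conflist holds the parts of a CNI .conflist that matter for this check.
type conflist struct {
	Name    string `json:"name"`
	Plugins []struct {
		Type   string `json:"type"`
		Master string `json:"master"`
	} `json:"plugins"`
}

// missingMasters parses a conflist and returns every master link that a
// macvlan or ipvlan plugin refers to but that is absent from visible, the
// link names present in the network namespace the check runs in.
func missingMasters(conf []byte, visible []string) ([]string, error) {
	var c conflist
	if err := json.Unmarshal(conf, &c); err != nil {
		return nil, fmt.Errorf("parse conflist: %w", err)
	}
	have := make(map[string]bool, len(visible))
	for _, n := range visible {
		have[n] = true
	}
	var missing []string
	for _, p := range c.Plugins {
		if p.Type != "macvlan" && p.Type != "ipvlan" {
			continue
		}
		if !have[p.Master] {
			missing = append(missing, p.Master)
		}
	}
	return missing, nil
}

// currentLinks lists the link names in the caller's network namespace.
func currentLinks() ([]string, error) {
	ifs, err := net.Interfaces()
	if err != nil {
		return nil, err
	}
	names := make([]string, 0, len(ifs))
	for _, i := range ifs {
		names = append(names, i.Name)
	}
	return names, nil
}

// sampleConflist is a constructed, trimmed copy of the conflist nerdctl
// wrote for the "adguard" network; only fields the check reads are kept.
const sampleConflist = `{
  "cniVersion": "1.0.0",
  "name": "adguard",
  "plugins": [{"type": "macvlan", "master": "enp1s0", "mode": "bridge"}]
}`

func main() {
	conf := []byte(sampleConflist)
	if len(os.Args) > 1 {
		b, err := os.ReadFile(os.Args[1])
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(2)
		}
		conf = b
	}
	links, err := currentLinks()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	missing, err := missingMasters(conf, links)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	if len(missing) > 0 {
		fmt.Printf("master link(s) %v not visible in this netns; macvlan add would fail with \"Link not found\"\n", missing)
		os.Exit(1)
	}
	fmt.Println("all macvlan/ipvlan master links are visible here")
}
```

Run it in the host namespace and it passes, because `ip a show enp1s0` works there. To reproduce the failing view, run the same binary inside the rootless namespace, for example with `containerd-rootless-setuptool.sh nsenter -- ./macvlan-check ~/.config/cni/net.d/nerdctl-adguard.conflist` (assuming your copy of the setup tool offers the `nsenter` subcommand); there the only links are lo and the tap device, and enp1s0 is reported missing, which is the same lookup the macvlan plugin performs before it gives up.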
adoyle-h commented 1 year ago

@AkihiroSuda I tried it in root mode and got another error.

FATA[0000] error while executing [/usr/bin/nerdctl network create --label=com.docker.compose.project=adguard-home --label=com.docker.compose.network=adguard --driver=macvlan --opt=parent=enp1s0 --subnet=192.168.1.0/24 --gateway=192.168.1.2 adguard-home_adguard]: "time=\"2023-09-13T16:10:44+08:00\" level=fatal msg=\"subnet 192.168.1.0/24 overlaps with other one on this address space\"\n": exit status 1

I want to assign a LAN IP like 192.168.1.20 to a container. Why can't the macvlan subnet overlap with the host network?

Here is my host device link info.

2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 7c:83:34:b9:d3:d1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global dynamic noprefixroute enp1s0
       valid_lft 81287sec preferred_lft 81287sec
    inet6 fe80::c930:f189:d3ba:fe04/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

I tried the same commands on Docker, and it works.

fahedouch commented 1 year ago

Please use a dhcp server for more flexible configuration: https://github.com/containerd/nerdctl/blob/main/docs/cni.md#macvlanipvlan-networks

> Why can't the macvlan subnet overlap with the host network?

Containers' subnet should be under the same network as the parent (physical) network, which means network overlapping is not permitted.

Please ensure that your host ips do not overlap with 192.168.1.0/24
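
The second error ("subnet 192.168.1.0/24 overlaps with other one on this address space") is what the reply above is pointing at: when nerdctl creates a network it compares the requested subnet against the prefixes already in use, and, per the reply, the addresses on the host's own interfaces count. A host holding 192.168.1.12/24 on enp1s0 therefore collides with a request for 192.168.1.0/24, which for macvlan is exactly the prefix one wants, since the container is meant to sit on the parent's LAN. The Go program below is an added example written for this thread, not nerdctl's own implementation: it shows the overlap test itself, how an interface address contributes its prefix to the in-use list, and why 192.168.50.0/24 would pass where 192.168.1.0/24 is refused. The in-use list in `main` is constructed (the reporter's LAN address plus 10.4.0.0/24, which this example assumes for nerdctl's default bridge); `overlaps`, `checkSubnet` and `hostPrefixes` are names of this example's own.

```go
package main

import (
	"fmt"
	"net"
)

// overlaps reports whether two prefixes share at least one address. If
// either network contains the other's base address they intersect; mixing
// IPv4 and IPv6 never overlaps because Contains fails across families.
func overlaps(a, b *net.IPNet) bool {
	return a.Contains(b.IP) || b.Contains(a.IP)
}

// checkSubnet returns an error naming the first in-use prefix that the
// requested subnet collides with. used holds CIDRs of existing networks
// and of addresses on host interfaces; an interface address written as
// 192.168.1.12/24 is accepted as-is, since ParseCIDR masks it to its prefix.
func checkSubnet(requested string, used []string) error {
	_, want, err := net.ParseCIDR(requested)
	if err != nil {
		return fmt.Errorf("bad subnet %q: %w", requested, err)
	}
	for _, u := range used {
		_, n, err := net.ParseCIDR(u)
		if err != nil {
			return fmt.Errorf("bad in-use CIDR %q: %w", u, err)
		}
		if overlaps(want, n) {
			return fmt.Errorf("subnet %s overlaps with %s on this address space", requested, u)
		}
	}
	return nil
}

// hostPrefixes collects the prefix of every address on the host's
// interfaces, so a LAN address on enp1s0 contributes its /24 to the used list.
func hostPrefixes() ([]string, error) {
	addrs, err := net.InterfaceAddrs()
	if err != nil {
		return nil, err
	}
	var out []string
	for _, a := range addrs {
		if ipn, ok := a.(*net.IPNet); ok {
			base := &net.IPNet{IP: ipn.IP.Mask(ipn.Mask), Mask: ipn.Mask}
			out = append(out, base.String())
		}
	}
	return out, nil
}

func main() {
	// Constructed in-use list: the reporter's host address on enp1s0 and the
	// 10.4.0.0/24 this example assumes for nerdctl's default bridge network.
	used := []string{"192.168.1.12/24", "10.4.0.0/24"}
	for _, req := range []string{"192.168.1.0/24", "192.168.50.0/24"} {
		if err := checkSubnet(req, used); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println("accepted:", req)
		}
	}
	// Against the real host, the same check fed by hostPrefixes explains
	// which local address a refused macvlan subnet is tripping over.
	if live, err := hostPrefixes(); err == nil {
		fmt.Println("prefixes in use on this host:", live)
	}
}
```

This is also why the dhcp IPAM linked above sidesteps the problem: no subnet is declared at `network create` time, so there is nothing for the overlap test to refuse, and the container obtains a LAN address from the same DHCP server the host uses.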