containers / netavark

Container network stack
Apache License 2.0

1.10: rootless: aardvark-dns runs in a different netns, dns will not work #911

Closed edsantiago closed 9 months ago

edsantiago commented 9 months ago

podman e2e tests fail rootless, both f39 and rawhide:

$ podman [options] network update IntTest207af0ff0c --dns-add 127.0.0.255
[ERROR netavark::dns::aardvark] aardvark-dns runs in a different netns, dns will not work for this container.  \
      To resolve please stop all containers, kill the aardvark-dns process, \
      remove the /tmp/podman_test3080652420/runroot/networks/aardvark-dns directory \
      and then start the containers again
IntTest207af0ff0c

See: https://github.com/containers/podman/pull/21366#issuecomment-1917359468

Given all the problems with *vark 1.10, I recommend pulling them until someone can actually test them.

mheon commented 9 months ago

Do you see this in just the tests, or elsewhere? I can't reproduce locally which makes me suspect something might be up with how we're testing.

mheon commented 9 months ago

The error is recently-added but I don't think we're seeing a Netavark failure here but a previously-undiscovered issue in how we test.

edsantiago commented 9 months ago

I have not tested locally. Will try to get a reproducer.

Luap99 commented 9 months ago

Just guessing, but I would assume you need to have a running container on the network. The issue is that podman does not join the rootless netns for the netavark update call (and it really doesn't need to), thus this check fails here in this case. I think the correct fix would be to exclude the check on netavark update.

> Given all the problems with *vark 1.10, I recommend pulling them until someone can actually test them.

Not sure what this means? So far I see one bug (this one), not something else. If you mean the Fedora package problems, then the solution is to update both the av/nv packages to the same version v1.10.X.
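The kind of namespace comparison the error message implies, as an added example that is not part of the thread and not netavark's own code: it compares the device and inode behind `/proc/<pid>/ns/net` for the caller and for another process. The names `netns_id`, `check_netns` and `NetnsCheck` are hypothetical, and a Linux `/proc` is assumed.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::MetadataExt;
use std::path::Path;

/// Identity of a namespace: (device, inode) of the nsfs file behind the /proc link.
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub struct NsId {
    dev: u64,
    ino: u64,
}

/// Stat a namespace link such as /proc/<pid>/ns/net (metadata() follows the link).
pub fn netns_id(path: &Path) -> io::Result<NsId> {
    let md = fs::metadata(path)?;
    Ok(NsId { dev: md.dev(), ino: md.ino() })
}

/// Outcome of comparing the caller's netns with that of another process.
#[derive(Debug, PartialEq, Eq)]
pub enum NetnsCheck {
    Same,
    Different,
    Unknown(io::ErrorKind), // process gone, no permission, no /proc
}

/// Compare the calling process's network namespace with the one `pid` runs in.
pub fn check_netns(pid: u32) -> NetnsCheck {
    let ours = netns_id(Path::new("/proc/self/ns/net"));
    let theirs = netns_id(&Path::new("/proc").join(pid.to_string()).join("ns/net"));
    match (ours, theirs) {
        (Ok(a), Ok(b)) if a == b => NetnsCheck::Same,
        (Ok(_), Ok(_)) => NetnsCheck::Different,
        (Err(e), _) | (_, Err(e)) => NetnsCheck::Unknown(e.kind()),
    }
}

fn main() {
    // Pass the PID of the DNS server process; defaults to our own PID.
    let pid = std::env::args()
        .nth(1)
        .and_then(|s| s.parse::<u32>().ok())
        .unwrap_or_else(std::process::id);
    println!("pid {}: {:?}", pid, check_netns(pid));
}
```

A caller that has not joined the namespace the other process lives in gets `Different` regardless of whether that process is working, which is the situation described above for the update call.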

edsantiago commented 9 months ago

Reproducer:

$ bin/podman network create foo --dns 1.1.1.1
foo
$ bin/podman run -d --name c1 --network foo quay.io/libpod/testimage:20240123 top
82fdff75d3a6e0d0efca8d8c402dd35fb7160d7d1ebd5dbe641cd3c581b69bde
$ bin/podman network update foo --dns-add 127.0.0.255
[ERROR netavark::dns::aardvark] aardvark-dns runs in a different netns, dns will not work for this container. To resolve please stop all containers, kill the aardvark-dns process, remove the /run/user/1000/containers/networks/aardvark-dns directory and then start the containers again
foo

And what I mean is, I am unable to build CI VMs that work. I would like to get working VMs again. By "working" I mean "netavark and aardvark are installed and pass podman test suite".

mheon commented 9 months ago

912 to fix