containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

Default podman network can't handle ipv6 static network: #13377

Closed Folaht closed 2 years ago

Folaht commented 2 years ago

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Steps to reproduce the issue:

1.

{
  "cniVersion": "0.4.0",
  "name": "podman",
  "plugins": [
    {
      "type": "bridge",
      "bridge": "cni-podman0",
      "isGateway": true,
      "ipMasq": true,
      "hairpinMode": true,
      "ipam": {
        "type": "host-local",
        "routes": [{ "dst": "fdc4:5c83:002d:3eed::0/0" }],
        "ranges": [
          [
            {
              "subnet": "fdc4:5c83:002d:3eed::/64",
              "gateway": "fdc4:5c83:002d:3eed::1"
            }
          ]
        ]
      }
    },
    {
      "type": "portmap",
      "capabilities": {
        "portMappings": true
      }
    },
    {
      "type": "firewall"
    },
    {
      "type": "tuning"
    }
  ]
}

2.

$ sudo podman pull ghcr.io/safenetwork-community/rf-rootnode-ipv6

3.

$ sudo podman run \
--name root_node \
--restart unless-stopped \
--publish [glo.bal.ip.v6]:12000-12015:12000-12015/udp \
--env CON_IP=[fdc4:5c83:002d:3eed:0000:0000:0000:0001] \
--env CON_PORT=12000 \
--env PUB_IP=[glo.bal.ip.v6] \
--env PUB_PORT=12000 \
--ip6 fdc4:5c83:002d:3eed::2 \
--mount type=bind,source=/home/folaht/.local/share/safe/rf_cli,destination=/root/.safe/cli -d ghcr.io/safenetwork-community/rf-rootnode-ipv6:latest-dev

Describe the results you received:

WARN[0002] Failed to load cached network config: network podman not found in CNI cache, falling back to loading network podman from disk
WARN[0002] 1 error occurred:
    * plugin type="bridge" failed (delete): cni plugin bridge failed: running [/usr/bin/ip6tables -t nat -D POSTROUTING -s fdc4:5c83:002d:3eed ::1 -j CNI-cc14d1fe72264f4269a985e7 -m comment --comment name: "podman" id: "7d5e8f2aec8a3942806ef2a406b68cdc40463abdc2173398df4a1500d462e156" --wait]: exit status 2: ip6tables v1.8.7 (legacy): Couldn't load target `CNI-cc14d1fe72264f4269a985e7':No such file or directory

Try `ip6tables -h' or 'ip6tables --help' for more information.

Error: plugin type="bridge" failed (add): cni plugin bridge failed: failed to add route '{::fdc4:5c83:002d:3eed 00000000000000000000000000000000} via fdc4:5c83:002d:3eed::1 dev eth0': no route to host

Describe the results you expected:

A running container.

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Client:       Podman Engine
Version:      4.0.0-dev
API Version:  4.0.0-dev
Go Version:   go1.17.6

Built:      Fri Feb 18 12:46:52 2022
OS/Arch:    linux/arm64

Output of podman info --debug:

host:
  arch: arm64
  buildahVersion: 1.24.1
  cgroupControllers:
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: /usr/bin/conmon appartient à conmon 1:2.1.0-1
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: bdb4f6e56cd193d40b75ffc9725d4b74a18cb33c'
  cpus: 4
  distribution:
    distribution: '"manjaro-arm"'
    version: unknown
  eventLogger: journald
  hostname: Rezosur-uq
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 10000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 10000
      size: 65536
  kernel: 5.10.95-1-MANJARO-ARM-RPI
  linkmode: dynamic
  logDriver: journald
  memFree: 218644480
  memTotal: 3977973760
  networkBackend: cni
  ociRuntime:
    name: crun
    package: /usr/bin/crun appartient à crun 1.4.2-1
    path: /usr/bin/crun
    version: |-
      crun version 1.4.2
      commit: f6fbc8f840df1a414f31a60953ae514fa497c748
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: /usr/bin/slirp4netns appartient à slirp4netns 1.1.12-1
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 5960404992
  swapTotal: 5966958592
  uptime: 133h 6m 1.28s (Approximately 5.54 days)
plugins:
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /home/folaht/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: /usr/bin/fuse-overlayfs appartient à fuse-overlayfs 1.8.2-1
      Version: |-
        fusermount3 version: 3.10.5
        fuse-overlayfs: version 1.8.2
        FUSE library version 3.10.5
        using FUSE kernel interface version 7.31
  graphRoot: /home/folaht/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 0
  runRoot: /run/user/1000/containers
  volumePath: /home/folaht/.local/share/containers/storage/volumes
version:
  APIVersion: 4.0.0-dev
  Built: 1645184812
  BuiltTime: Fri Feb 18 12:46:52 2022
  GitCommit: ""
  GoVersion: go1.17.6
  OsArch: linux/arm64
  Version: 4.0.0-dev

Package info (e.g. output of rpm -q podman or apt list podman):

Manual download.

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

It works when I create a second network.

/etc/cni/net.d/podman1.conflist

{
   "cniVersion": "0.4.0",
   "name": "podman1",
   "plugins": [
      {
         "type": "bridge",
         "bridge": "cni-podman1",
         "isGateway": true,
         "ipMasq": true,
         "hairpinMode": true,
         "ipam": {
            "type": "host-local",
            "routes": [
               {
                  "dst": "::/0"
               }
            ],
            "ranges": [
               [
                  {
                     "subnet": "fdc2:2c37:1a5c:5ad1::/64",
                     "gateway": "fdc2:2c37:1a5c:5ad1::1"
                  }
               ]
            ]
         },
         "capabilities": {
            "ips": true
         }
      },
      {
         "type": "portmap",
         "capabilities": {
            "portMappings": true
         }
      },
      {
         "type": "firewall",
         "backend": ""
      },
      {
         "type": "tuning"
      }
   ]
}

So the issue is only with the default network.
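As an added example (not part of the issue and not podman project code), a small Python lint that flags the two ways the failing `podman` conflist differs from the working `podman1` one: a default route written with host bits set instead of `::/0`, and a bridge plugin that does not declare `"capabilities": {"ips": true}`, which CNI requires before a runtime-supplied static address (`--ip6`) is passed on to the IPAM plugin. The sample stanzas are constructed from the two configs on this page, with the unrelated portmap/firewall/tuning plugins left out.

```python
import ipaddress
import json

# Constructed samples: the bridge-plugin stanza of the failing "podman"
# conflist and of the working "podman1" conflist from the issue, with the
# unrelated portmap/firewall/tuning plugins left out.
FAILING_CONFLIST = json.loads("""
{"cniVersion": "0.4.0", "name": "podman", "plugins": [{
  "type": "bridge", "bridge": "cni-podman0", "isGateway": true,
  "ipam": {"type": "host-local",
           "routes": [{"dst": "fdc4:5c83:002d:3eed::0/0"}],
           "ranges": [[{"subnet": "fdc4:5c83:002d:3eed::/64",
                        "gateway": "fdc4:5c83:002d:3eed::1"}]]}}]}
""")
WORKING_CONFLIST = json.loads("""
{"cniVersion": "0.4.0", "name": "podman1", "plugins": [{
  "type": "bridge", "bridge": "cni-podman1", "isGateway": true,
  "ipam": {"type": "host-local",
           "routes": [{"dst": "::/0"}],
           "ranges": [[{"subnet": "fdc2:2c37:1a5c:5ad1::/64",
                        "gateway": "fdc2:2c37:1a5c:5ad1::1"}]]},
  "capabilities": {"ips": true}}]}
""")

def lint_cni_conflist(conf: dict) -> list[str]:
    """Return human-readable findings for a CNI conflist; empty means clean."""
    findings = []
    bridges = [p for p in conf.get("plugins", []) if p.get("type") == "bridge"]
    if not bridges:
        return [f'{conf.get("name")}: no bridge plugin in the chain']
    for plugin in bridges:
        name = plugin.get("bridge", "<unnamed>")
        # Without the "ips" capability the runtime's static --ip/--ip6 request
        # never reaches host-local IPAM, so the address cannot be honoured.
        if plugin.get("capabilities", {}).get("ips") is not True:
            findings.append(f'{name}: bridge plugin lacks "capabilities": {{"ips": true}}')
        ipam = plugin.get("ipam", {})
        for route in ipam.get("routes", []):
            dst = route.get("dst", "")
            try:
                ipaddress.ip_network(dst, strict=True)  # prefix must match mask
            except ValueError:
                findings.append(f'{name}: route dst "{dst}" has host bits set; '
                                'a default route is written "::/0"')
    return findings

if __name__ == "__main__":
    for conf in (FAILING_CONFLIST, WORKING_CONFLIST):
        print(conf["name"], lint_cni_conflist(conf) or ["ok"])
```

Run against the two configs, the `podman1` network reports clean while the default `podman` network gets both findings.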

baude commented 2 years ago

I think this is a known limitation of CNI.

rhatdan commented 2 years ago

Please try out netavark, this should work with Podman 4.