Open Kamilcuk opened 1 month ago
Hi @Kamilcuk, do you know version of CNI ships in this setup? https://github.com/hashicorp/nomad/issues/20263 details problems with upstream CNI which caused detection errors that has been fixed in subsequent releases from CNI and did not need any intervention or changes within Nomad.
+ apt list -a containernetworking-plugins
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Listing...
containernetworking-plugins/jammy,now 0.9.1+ds1-1 amd64 [installed,automatic]
As I understand https://github.com/containernetworking/plugins/releases/tag/v0.8.0 , the CNI spec v0.4.0 was added in v0.8.0 of containernetowrking-plugins. So I think protocol 0.4.0 should be detected.
And --help and --version of each executable in the directory:
+ /opt/cni/bin/bandwidth --help
CNI bandwidth plugin version unknown
+ /opt/cni/bin/bandwidth --version
CNI bandwidth plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/bridge --help
CNI bridge plugin version unknown
+ /opt/cni/bin/bridge --version
CNI bridge plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/dhcp --help
CNI dhcp plugin version unknown
+ /opt/cni/bin/dhcp --version
CNI dhcp plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/dnsname --help
CNI dnsname plugin
version: 1.3.1
commit: unknown
+ /opt/cni/bin/dnsname --version
CNI dnsname plugin
version: 1.3.1
commit: unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/firewall --help
CNI firewall plugin version unknown
+ /opt/cni/bin/firewall --version
CNI firewall plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/flannel --help
CNI flannel plugin version unknown
+ /opt/cni/bin/flannel --version
CNI flannel plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/host-device --help
CNI host-device plugin version unknown
+ /opt/cni/bin/host-device --version
CNI host-device plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/host-local --help
CNI host-local plugin version unknown
+ /opt/cni/bin/host-local --version
CNI host-local plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/ipvlan --help
CNI ipvlan plugin version unknown
+ /opt/cni/bin/ipvlan --version
CNI ipvlan plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/loopback --help
CNI loopback plugin version unknown
+ /opt/cni/bin/loopback --version
CNI loopback plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/macvlan --help
CNI macvlan plugin version unknown
+ /opt/cni/bin/macvlan --version
CNI macvlan plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/portmap --help
CNI portmap plugin version unknown
+ /opt/cni/bin/portmap --version
CNI portmap plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/ptp --help
CNI ptp plugin version unknown
+ /opt/cni/bin/ptp --version
CNI ptp plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/sbr --help
CNI sbr plugin version unknown
+ /opt/cni/bin/sbr --version
CNI sbr plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/static --help
CNI static plugin version unknown
+ /opt/cni/bin/static --version
CNI static plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/tuning --help
CNI tuning plugin version unknown
+ /opt/cni/bin/tuning --version
CNI tuning plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/vlan --help
CNI vlan plugin version unknown
+ /opt/cni/bin/vlan --version
CNI vlan plugin version unknown
+ for i in /opt/cni/bin/*
+ /opt/cni/bin/vrf --help
CNI vrf plugin version unknown
+ /opt/cni/bin/vrf --version
CNI vrf plugin version unknown
The XY issue is, Nomad <1.8 did not auto add '${attr.plugins.cni.bridge}' semver '>= 0.4.0'
constraints to jobs. The docker jobs with bridge just worked. Nomad 1.8 does adds the constrants, but now the version is not detected, and the job will not run. Even if it wouold work if it would be started. Bottom line, this is like a regression, because some users may be not be able to run jobs that used to work by omission of check. Thanks.
@Kamilcuk these are very old versions of the CNI plugins. You should be using more current versions that will report their fingerprint correctly (and fix a ton of bugs!)
I'm going to update our docs to establish a minimum version of the plugins and add a deprecation warning on the 1.8.x release notes.
Hi. Is it be possible to remove the check from job specification or force Nomad to know that CNI plugins with specific version exists? It would be nice to have a plugin "docker" { config { cni_version = "4.0.0" # overrides cni detection } }
configuration option.
@Kamilcuk I'm not sure why we'd want to do that; the reason we added the constraint is because users were running into problems where they were deployed on old versions of CNI plugins (or no CNI plugins at all!). Wouldn't this just open up users to having incorrect behavior? And in any case, CNI plugins aren't associated with the docker
plugin at all.
Nomad version
Nomad v1.8.0 BuildDate 2024-05-28T17:38:17Z Revision 28b82e4b2259fae5a62e2ed47395334bea5a24c4
Operating system and Environment details
github-actions ubuntu-latest
Issue
nomad does not detect CNI pluigns, but they are installed in github-actions.
Reproduction steps
Run the following in github actions:
Expected Result
Nomad should have access to CNI plugins, or report the version of them.
Actual Result
Nomad has no access to CNI plugins, but they are available at /opt/cni/bin
Is this expected? Is the CNI plugins in github-actions ubuntu-latest too old or is this a bug in version detection?
Thanks.
Nomad Server logs (if appropriate)
https://github.com/Kamilcuk/nomad-tools/actions/runs/9397590511/job/25881118293