0x450x6c closed 8 months ago
This seems like something we should disable in all cases, as DHCP is not really a container level concern, and as far as I know the container runtime should configure the container network, and not through an indirection like DHCP.
I think we should have a file analogous to service/nixos-init.nix except its configuration is always enabled. service/nixos-defaults.nix? And then a module nixos/defaults.nix that actually does the disabling. Does that make sense?
Yes, that makes sense.
I just ran into this, or rather, I had this as a latent issue until I enabled the NET_ADMIN capability on a container, which triggered it. DHCP wasn't actually running until then; journalctl shows the "non-failing" containers with this:
systemd[1]: DHCP Client was skipped because of an unmet condition check (ConditionCapability=CAP_NET_ADMIN).
Whereas a failing container ends up with these routes:
# ip route
default dev eth0 scope link src 169.254.45.60 metric 1001002
10.89.1.0/24 dev eth0 proto kernel scope link src 10.89.1.97
169.254.0.0/16 dev eth0 scope link src 169.254.45.60 metric 1002
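As an added example (not from the thread or the project), a small check that flags the symptom in the route table above: a default route with no gateway whose source address is in 169.254.0.0/16. The function names and the HEALTHY table are constructed for illustration; FAILING is the output quoted above.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
ROUTE_TYPES = {"unicast", "local", "broadcast", "unreachable", "blackhole", "prohibit"}
FLAGS = {"onlink", "linkdown", "dead", "pervasive", "offload"}

# Route table quoted in the comment above (failing container).
FAILING = """\
default dev eth0 scope link src 169.254.45.60 metric 1001002
10.89.1.0/24 dev eth0 proto kernel scope link src 10.89.1.97
169.254.0.0/16 dev eth0 scope link src 169.254.45.60 metric 1002
"""

# Constructed sample: a container whose network was set up by the runtime only.
HEALTHY = """\
default via 10.89.1.1 dev eth0 proto static metric 100
10.89.1.0/24 dev eth0 proto kernel scope link src 10.89.1.97
"""

def parse_route(line):
    """Turn one `ip route` line into a dict of its key/value attributes."""
    tokens = line.split()
    route = {"type": tokens.pop(0)} if tokens[0] in ROUTE_TYPES else {}
    route["dst"] = tokens.pop(0)
    i = 0
    while i < len(tokens):
        if tokens[i] in FLAGS or i + 1 == len(tokens):
            route.setdefault("flags", []).append(tokens[i])  # valueless flag
            i += 1
        else:
            route[tokens[i]] = tokens[i + 1]
            i += 2
    return route

def link_local_findings(table):
    """Return (finding, device, source) for each route that uses a 169.254/16 source."""
    findings = []
    for line in filter(str.strip, table.splitlines()):
        r = parse_route(line)
        src = r.get("src")
        if src is None or ipaddress.ip_address(src) not in LINK_LOCAL:
            continue
        if r["dst"] == "default" and "via" not in r:
            findings.append(("link-local-default-route", r.get("dev"), src))
        elif r["dst"] == str(LINK_LOCAL):
            findings.append(("link-local-address", r.get("dev"), src))
    return findings

if __name__ == "__main__":
    for name, table in (("failing", FAILING), ("healthy", HEALTHY)):
        print(name, link_local_findings(table))
```

Feeding it the output of `ip route` from inside each container makes the latent case visible as soon as a capability change lets the DHCP client start.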
Thanks!
Hello.
In the full-nixos example, DHCP is not disabled, and it breaks the network inside the container.