newsnowlabs / docker-ingress-routing-daemon

Docker swarm daemon that modifies ingress mesh routing to expose true client IPs to service containers
MIT License

Docker from Snap cannot find ingress_sbox. #35

Open iamjaeholee opened 11 months ago

iamjaeholee commented 11 months ago

I have installed Docker from snap.

When I try to install DIRD, it cannot find ingress_sbox.

2023-12-06.04:36:05.438065|Hedwig|1016512| Docker Ingress Routing Daemon 4.1.0 starting ...
nsenter: cannot open /var/run/docker/netns/ingress_sbox: No such file or directory
2023-12-06.04:36:05.544429|Hedwig|1016512| - Couldn't identify ingress network subnet or this node's ingress network IP; sleeping 1s, then exiting.

I think snap Docker saves the network container in /run/snap.docker/netns/

struanb commented 11 months ago

Thanks for raising this issue. You're right that DIRD does not currently support non-standard paths to ingress_sbox.

Adding support shouldn't be hard though. Would you mind searching/replacing the standard path with the snap path in the code and trying that to see if it is sufficient?

If it works, we can look to add a command line option for configuring this and officially supporting it.

iamjaeholee commented 11 months ago

Okay. Thank you for the comment.

I have changed the code like the following.

# Delete any relevant preexisting rules.
# Every nsenter call below now points at the snap netns path instead of /var/run/docker/netns/ingress_sbox.
log "Cleaning up any stale load-balancer rules ..."

# nat table: list rules, keep the ipvs ACCEPT ones, turn each "-A" into a "-D" and replay it.
nsenter --net=/run/snap.docker/netns/ingress_sbox iptables -t nat -S | \
  grep -- '-m ipvs --ipvs -j ACCEPT' | \
  sed -r 's/^-A /-D /' | \
  while read -r RULE
  do
    log "- Deleting old rule: iptables -t nat $RULE"
    nsenter --net=/run/snap.docker/netns/ingress_sbox iptables -t nat $RULE
  done

# mangle table: same approach for the TOS-marking rules.
nsenter --net=/run/snap.docker/netns/ingress_sbox iptables -t mangle -S | \
  grep -- '-j TOS --set-tos' | \
  sed -r 's/^-A /-D /' | \
  while read -r RULE
  do
    log "- Deleting old rule: iptables -t mangle $RULE"
    nsenter --net=/run/snap.docker/netns/ingress_sbox iptables -t mangle $RULE
  done

# raw table: same approach for the conntrack-bypass rules.
nsenter --net=/run/snap.docker/netns/ingress_sbox iptables -t raw -S | \
  grep -- '-j CT --notrack' | \
  sed -r 's/^-A /-D /' | \
  while read -r RULE
  do
    log "- Deleting old rule: iptables -t raw $RULE"
    nsenter --net=/run/snap.docker/netns/ingress_sbox iptables -t raw $RULE
  done

# INSTALL=0 means "uninstall only": stop here after the cleanup.
if [ "$INSTALL" = "0" ]; then
  log "Docker Ingress Routing Daemon iptables rules uninstalled, exiting."
  exit 0
fi

###############

I just changed all the nsenter --net options.

But I encountered another nsenter issue.

2023-12-07.10:28:09.777109|jaeho-VirtualBox|05734| Docker Ingress Routing Daemon 4.1.1 starting ...
nsenter: reassociate to namespace 'ns/net' failed: Invalid argument
2023-12-07.10:28:09.922912|jaeho-VirtualBox|05734| - Couldn't identify ingress network subnet or this node's ingress network IP; sleeping 1s, then exiting.
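One way to do what struanb suggests above (make the netns path configurable rather than search-and-replacing it) is a small lookup that tries the standard Docker path and the snap path from this thread, and then checks that nsenter can actually join the file before any iptables rules are touched. This is an added example, not DIRD's own code; the DIRD_NETNS_DIR variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of docker-ingress-routing-daemon.
# Candidate netns directories: the standard Docker path and the snap path
# reported in this issue. DIRD_NETNS_DIR (hypothetical name) is tried first.
DEFAULT_NETNS_DIRS="/var/run/docker/netns /run/snap.docker/netns"

# find_ingress_sbox [dir ...]
# Prints the first <dir>/ingress_sbox that exists; returns 1 if none is found.
# Directories given as arguments replace the defaults; DIRD_NETNS_DIR is
# always consulted first when set.
find_ingress_sbox() {
  dirs="$*"
  [ -n "$DIRD_NETNS_DIR" ] && dirs="$DIRD_NETNS_DIR $dirs"
  [ -n "$dirs" ] || dirs="$DEFAULT_NETNS_DIRS"
  for d in $dirs; do
    if [ -e "$d/ingress_sbox" ]; then
      printf '%s\n' "$d/ingress_sbox"
      return 0
    fi
  done
  return 1
}

# netns_usable <path>
# Returns 0 only if nsenter can join <path> as a network namespace. A path
# that exists but is not a namespace handle (for example a plain file) makes
# setns() fail with EINVAL, which nsenter reports as
# "reassociate to namespace 'ns/net' failed: Invalid argument".
netns_usable() {
  nsenter --net="$1" true 2>/dev/null
}

# ingress_nsenter <cmd...>
# Drop-in for the hard-coded "nsenter --net=/var/run/docker/netns/ingress_sbox":
# resolve the path, verify it is joinable, then run the command inside it.
ingress_nsenter() {
  ns=$(find_ingress_sbox) || {
    echo "ingress_sbox not found in: ${DIRD_NETNS_DIR:-$DEFAULT_NETNS_DIRS}" >&2
    return 1
  }
  netns_usable "$ns" || {
    echo "$ns exists but is not a joinable network namespace" >&2
    return 1
  }
  nsenter --net="$ns" "$@"
}
```

With this in place the cleanup loops in the thread become `ingress_nsenter iptables -t nat -S | ...`, and a wrong path fails with a clear message instead of partway through rule deletion.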