unifi-utilities / unifios-utilities

A collection of enhancements for UnifiOS based devices
GNU General Public License v3.0

AdGuardhome CNI network "dns" not found #305

Closed heytcass closed 2 years ago

heytcass commented 2 years ago

Describe the bug

Following all the steps in the AdGuardHome README I keep getting the error ERRO[0000] CNI network "dns" not found after running the podman run step.

To Reproduce

Steps to reproduce the behavior:

  1. Follow the "Steps" section in AdGuardHome README
  2. Run Step 7: podman run -d --network dns --restart always --name adguardhome -v "/mnt/data/AdguardHome-Confdir/:/opt/adguardhome/conf/" -v "/mnt/data/AdguardHome-Workdir/:/opt/adguardhome/work/" --dns=127.0.0.1 --dns=1.1.1.1 --hostname adguardhome adguard/adguardhome:latest
  3. See error Error: error configuring network namespace for container e695e7ad4fde663c551ee481136d3e40a3efec008ff911f78953112d11ae8256: CNI network "dns" not found

Expected behavior

Have the Podman pod deploy successfully, and be able to move on to Step 8.

Screenshots

Screen Shot 2022-01-07 at 3 07 01 PM

UDM Information

Additional context

Have udm-le working without issue.

gatesry commented 2 years ago

Post your .conflist and 10-dns.sh configs here. Also, run podman network ls and post the output.

Cliff-R-K commented 2 years ago

I just tried following the guide for setting up pi-hole and I get exactly the same error. .conflist and 10-dns.sh are untouched as I created my LAN to match the config. Output from podman ls network is:

podman   0.4.0     bridge,portmap

gatesry commented 2 years ago

I'm not certain on this, but I don't believe your main UDM LAN can match the podman network. Try changing either your main LAN or config files to have a separate network.

Cliff-R-K commented 2 years ago

Sorry, I meant to say that I created my second LAN to match the config.

heytcass commented 2 years ago

@gatesry

> Post your .conflist and 10-dns.sh configs here. Also, run podman network ls and post the output.

# cat /mnt/data/podman/cni/20-dns.conflist
{
  "cniVersion": "0.4.0",
  "name": "dns",
  "plugins": [
    {
      "type": "macvlan",
      "mode": "bridge",
      "master": "br53",
      "mac": "98:F6:FD:42:12:4B",
      "ipam": {
        "type": "static",
        "addresses": [
          {
            "address": "10.0.5.3/24",
            "gateway": "10.0.5.1"
          }
        ],
        "routes": [
          {"dst": "0.0.0.0/0"}
        ]
      }
    }
  ]
}
# cat /mnt/data/on_boot.d/10-dns.sh
#!/bin/sh

## configuration variables:
VLAN=53
IPV4_IP="192.168.53.3"
# This is the IP address of the container. You may want to set it to match
# your own network structure such as 192.168.5.3 or similar.
IPV4_GW="192.168.53.1/24"
# As above, this should match the gateway of the VLAN for the container
# network as above which is usually the .1/24 range of the IPV4_IP

# if you want IPv6 support, generate a ULA, select an IP for the dns server
# and an appropriate gateway address on the same /64 network. Make sure that
# the 20-dns.conflist is updated appropriately. It will need the IP and GW
# added along with a ::/0 route. Also make sure that additional --dns options
# are passed to podman with your IPv6 DNS IPs when deploying the container for
# the first time. You will also need to configure your VLAN to have a static
# IPv6 block.

# IPv6 Also works with Prefix Delegation from your provider. The gateway is the
# IP of br(VLAN) and you can pick any ip address within that subnet that dhcpv6
# isn't serving
IPV6_IP=""
IPV6_GW=""

# set this to the interface(s) on which you want DNS TCP/UDP port 53 traffic
# re-routed through the DNS container. separate interfaces with spaces.
# e.g. "br0" or "br0 br1" etc.
FORCED_INTFC="br0"

# container name; e.g. nextdns, pihole, adguardhome, etc.
CONTAINER=adguardhome

if ! test -f /opt/cni/bin/macvlan; then
    echo "Error: CNI plugins not found. You can install it with the following command:" >&2
    echo "       curl -fsSLo /mnt/data/on_boot.d/05-install-cni-plugins.sh https://raw.githubusercontent.com/boostchicken/udm-utilities/master/cni-plugins/05-install-cni-plugins.sh && /bin/sh /mnt/data/on_boot.d/05-install-cni-plugins.sh" >&2
    exit 1
fi

# set VLAN bridge promiscuous
ip link set "br${VLAN}" promisc on

# create macvlan bridge and add IPv4 IP
ip link add "br${VLAN}.mac" link "br${VLAN}" type macvlan mode bridge
ip addr add "${IPV4_GW}" dev "br${VLAN}.mac" noprefixroute

# (optional) add IPv6 IP to VLAN bridge macvlan bridge
if [ -n "${IPV6_GW}" ]; then
  ip -6 addr add "${IPV6_GW}" dev "br${VLAN}.mac" noprefixroute
fi

# set macvlan bridge promiscuous and bring it up
ip link set "br${VLAN}.mac" promisc on
ip link set "br${VLAN}.mac" up

# add IPv4 route to DNS container
ip route add "${IPV4_IP}/32" dev "br${VLAN}.mac"

# (optional) add IPv6 route to DNS container
if [ -n "${IPV6_IP}" ]; then
  ip -6 route add "${IPV6_IP}/128" dev "br${VLAN}.mac"
fi

# Make DNSMasq listen to the container network for split horizon or conditional forwarding
if ! grep -qxF "interface=br${VLAN}.mac" /run/dnsmasq.conf.d/custom.conf; then
    echo "interface=br${VLAN}.mac" >> /run/dnsmasq.conf.d/custom.conf
    kill -9 "$(cat /run/dnsmasq.pid)"
fi

if podman container exists "${CONTAINER}"; then
  podman start "${CONTAINER}"
else
  logger -s -t podman-dns -p "ERROR Container ${CONTAINER} not found, make sure you set the proper name, you can ignore this error if it is your first time setting it up"
fi

# (optional) IPv4 force DNS (TCP/UDP 53) through DNS container
for intfc in ${FORCED_INTFC}; do
  if [ -d "/sys/class/net/${intfc}" ]; then
    for proto in udp tcp; do
      prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j LOG --log-prefix [DNAT-${intfc}-${proto}]"
      iptables -t nat -C ${prerouting_rule} 2>/dev/null || iptables -t nat -A ${prerouting_rule}
      prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}"
      iptables -t nat -C ${prerouting_rule} 2>/dev/null || iptables -t nat -A ${prerouting_rule}

      # (optional) IPv6 force DNS (TCP/UDP 53) through DNS container
      if [ -n "${IPV6_IP}" ]; then
        prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j LOG --log-prefix [DNAT-${intfc}-${proto}]"
        ip6tables -t nat -C ${prerouting_rule} 2>/dev/null || ip6tables -t nat -A ${prerouting_rule}
        prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}"
        ip6tables -t nat -C ${prerouting_rule} 2>/dev/null || ip6tables -t nat -A ${prerouting_rule}
      fi
    done
  fi
done

podman run -d --network dns --restart always  \
>     --name adguardhome \
>     -v "/mnt/data/AdguardHome-Confdir/:/opt/adguardhome/conf/" \
>     -v "/mnt/data/AdguardHome-Workdir/:/opt/adguardhome/work/" \
>     --dns=127.0.0.1 --dns=1.1.1.1 \
>     --hostname adguardhome \
>     adguard/adguardhome:latest
ERRO[0000] CNI network "dns" not found                  
Error: error configuring network namespace for container 9478b7acf2b36955180d38d03d3e2cf137df20000d2530e8595a419fe03a077d: CNI network "dns" not found

# podman network ls
NAME     VERSION   PLUGINS
podman   0.4.0     bridge,portmap

heytcass commented 2 years ago

Spotted it. I didn't update the address and gateway in the .conflist. Seems to run now, but can't get to the web UI. Will test again in a bit and get back.

gatesry commented 2 years ago

> Spotted it. I didn't update the address and gateway in the .conflist. Seems to run now, but can't get to the web UI. Will test again in a bit and get back.

Nice! Good catch.

I would run podman logs next to see if your container has any reported issues starting up. Command reference here: https://docs.podman.io/en/latest/markdown/podman-logs.1.html

Edit: default UI port for AdGuardHome is 3000

heytcass commented 2 years ago

Nope. Same issue. Re-ran from scratch with all the files triple checked, still getting

ERRO[0000] CNI network "dns" not found                  
Error: error configuring network namespace for container 1982a4da67c742430536c2e82a2bb4ad9b7fe9b7d7687b6d59271f8e4e0d92bf: CNI network "dns" not found

gatesry commented 2 years ago

> Nope. Same issue. Re-ran from scratch with all the files triple checked, still getting
>
> ERRO[0000] CNI network "dns" not found
> Error: error configuring network namespace for container 1982a4da67c742430536c2e82a2bb4ad9b7fe9b7d7687b6d59271f8e4e0d92bf: CNI network "dns" not found

Run podman network inspect. Might need to attach flags to the "dns" network.

Also restarting the UDMP sometimes forces podman to process the extra conflist configs you put in that directory. They are symbolically linked to the CNI configuration folder, but not sure if that's a process that's only completed on boot up.

Cliff-R-K commented 2 years ago

Sorry for hijacking again but it looks like we have exactly the same problem. When I run podman network inspect dns I did get "No network found" or similar. After rebooting I get:

podman network inspect dns
[
        {
                "cniVersion": "0.4.0",
                "name": "dns",
                "plugins": [
                        {
                                "ipam": {
                                        "addresses": [
                                                {
                                                        "address": "10.0.5.3/24",
                                                        "gateway": "10.0.5.1"
                                                }
                                        ],
                                        "routes": [
                                                {
                                                        "dst": "0.0.0.0/0"
                                                }
                                        ],
                                        "type": "static"
                                },
                                "mac": "23:CE:AA:96:19:01",
                                "master": "br5",
                                "mode": "bridge",
                                "type": "macvlan"
                        }
                ]
        }
]

And if I run:

# podman run -d --network dns --restart always \
>     --name pihole \
>     -e TZ="Europe/Stockholm" \
>     -v "/mnt/data/etc-pihole/:/etc/pihole/" \
>     -v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
>     --dns=127.0.0.1 \
>     --dns=1.1.1.1 \
>     --dns=8.8.8.8 \
>     --hostname pi.hole \
>     -e VIRTUAL_HOST="pi.hole" \
>     -e PROXY_LOCATION="pi.hole" \
>     -e ServerIP="10.0.5.3" \
>     -e IPv6="False" \
>     pihole/pihole:latest
Trying to pull docker.io/pihole/pihole:latest...
Getting image source signatures
Copying blob f1d70d0cecf6 done
Copying blob aef6f138b30a done
Copying blob 58952488aee3 done
Copying blob 49aabdeceda1 done
Copying blob 753408153c81 done
Copying blob a6a25169eb8e done
Copying blob bbac4f90345b done
Copying blob da2dbe10d69d done
Copying config e7408bdcb1 done
Writing manifest to image destination
Storing signatures
ERRO[0020] Error adding network: failed to create macvlan: cannot assign requested address
ERRO[0020] Error while adding pod to CNI network "dns": failed to create macvlan: cannot assign requested address
Error: error configuring network namespace for container 0d2bfc9ee46cea4f075fcbf70dad50b5b31ba3cb19bcc5e73e88a154408f500d: failed to create macvlan: cannot assign requested address

And this is my created network in the udm-settings image

Cliff-R-K commented 2 years ago

Ah, I managed to solve the problem. I just used an online mac-generator to generate my mac-address. Apparently you need a MAC-address that matches the vendor (Ubiquiti) so it has to start with 00-15-6D. I just changed the first part in the MAC-address that I was using to "00-15-6D". https://gist.github.com/aallan/b4bb86db86079509e6159810ae9bd3e4

So in summary the solution to my problem was to:

  1. Network-name must match in 20-dns.conflist and in podman run --network ... (I don't know if it also has to match with the name of the created VLAN network in the UDM LAN settings, but mine does now)
  2. Add a "valid" MAC-address in 20-dns.conflist
  3. Reboot.
  4. Deleted pi-hole container and images and reinstalled the docker again.

heytcass commented 2 years ago

@burton666 That was it! Thank you for figuring that out. I will make a PR for the Adguardhome README reflecting that.

Side note: Do we know if the MAC address has to be in the XX-XX-XX format? Or can it be XX:XX:XX or others?

gatesry commented 2 years ago

> @burton666 That was it! Thank you for figuring that out. I will make a PR for the Adguardhome README reflecting that.
>
> Side note: Do we know if the MAC address has to be in the XX-XX-XX format? Or can it be XX:XX:XX or others?

Podman expects XX:XX:XX
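
A preflight check for the settings this thread ends up comparing, written as an added example (not part of any comment above and not code from the unifios-utilities project): it checks that the conflist name matches --network, that master, address and gateway agree with VLAN, IPV4_IP and IPV4_GW from 10-dns.sh, and that mac is colon-separated. The helper names check_conflist and conflist are hypothetical, the multicast-bit test is an addition based on how Linux validates interface MAC addresses rather than something stated in the thread, and VLAN 5 for the second sample is an assumption.

```python
import ipaddress
import json
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def check_conflist(text, network, vlan, ipv4_ip, ipv4_gw):
    """Compare a macvlan .conflist with --network and the 10-dns.sh variables."""
    problems = []
    conf = json.loads(text)
    if conf.get("name") != network:
        problems.append("name does not match --network")
    gw = ipaddress.ip_interface(ipv4_gw)  # IPV4_GW carries a prefix, e.g. x.x.x.1/24
    for plugin in conf.get("plugins", []):
        if plugin.get("type") != "macvlan":
            continue
        if plugin.get("master") != f"br{vlan}":
            problems.append("master is not the VLAN bridge")
        mac = plugin.get("mac", "")
        if not MAC_RE.match(mac):
            problems.append("mac is not in XX:XX:XX:XX:XX:XX form")
        elif int(mac[:2], 16) & 1:
            # Added check: an odd first octet is a multicast (group) address.
            problems.append("mac has the multicast bit set")
        for entry in plugin.get("ipam", {}).get("addresses", []):
            addr = ipaddress.ip_interface(entry["address"])
            if str(addr.ip) != ipv4_ip or addr.network != gw.network:
                problems.append("address does not match IPV4_IP")
            if entry.get("gateway") != str(gw.ip):
                problems.append("gateway does not match IPV4_GW")
    return problems


def conflist(mac, master, address, gateway, name="dns"):
    """Build a sample conflist with the same layout as the one in the thread."""
    ipam = {"type": "static", "routes": [{"dst": "0.0.0.0/0"}],
            "addresses": [{"address": address, "gateway": gateway}]}
    plugin = {"type": "macvlan", "mode": "bridge", "master": master,
              "mac": mac, "ipam": ipam}
    return json.dumps({"cniVersion": "0.4.0", "name": name, "plugins": [plugin]})


# Sample built from the first posted pair: conflist on 10.0.5.x, script on VLAN 53.
FIRST = check_conflist(conflist("98:F6:FD:42:12:4B", "br53", "10.0.5.3/24", "10.0.5.1"),
                       "dns", 53, "192.168.53.3", "192.168.53.1/24")
# Sample built from the later `podman network inspect dns` output (VLAN 5 assumed).
SECOND = check_conflist(conflist("23:CE:AA:96:19:01", "br5", "10.0.5.3/24", "10.0.5.1"),
                        "dns", 5, "10.0.5.3", "10.0.5.1/24")

if __name__ == "__main__":
    print(FIRST, SECOND, sep="\n")
```
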