On 2021-02-25 16:03 -0500, Rusty Sapper wrote:
I’m having trouble setting up a macvlan. I created my config under
/etc/cni/net.d and can successfully start my container with the macvlan
network.
However, when I exec into the container, it has no network access to
anything except itself. I apologize, I'm new to podman. I need to be able
to ssh into other hosts (jenkins nodes) to run tests. I am unable to use
the host network due to other requirements.
Any help would be appreciated. Here is my macvlan config:
{
  "cniVersion": "0.4.0",
  "name": "testmac1",
  "plugins": [
    {
      "type": "macvlan",
      "master": "eno1np0",
      "ipam": {
        "type": "host-local",
        "routes": [
          {
            "dst": "0.0.0.0/0"
          }
        ],
        "ranges": [
          [
            {
              "subnet": "10.89.0.0/24",
              "gateway": "10.89.0.1"
            }
          ]
        ]
      }
    },
    {
      "type": "portmap",
      "capabilities": {
        "portMappings": true
      }
    }
  ]
}
~
Hello,
although I admit I do not know what I am doing, I got externally
accessible containers via macvlan working. I do not have a "portmap"
plugin, but my config has this:
    {
      "type": "tuning",
      "capabilities": {
        "mac": true
      }
    }
Whole config that works for me (as an ansible template) looks like this:
{
  "cniVersion": "0.4.0",
  "name": "macvlanprivate",
  "plugins": [
    {
      "type": "macvlan",
      "master": "ens4",
      "ipam": {
        "type": "host-local",
        "ranges": [
          [
            {
              "subnet": "{{ (private_ip + '/' + private_netmask) | ipaddr('0') }}",
              "gateway": "{{ private_gw }}",
              "rangeStart": "{{ (private_ip + '/' + containers_netmask) | ipaddr('1') | ipaddr('address') }}",
              "rangeEnd": "{{ (private_ip + '/' + containers_netmask) | ipaddr('-4') | ipaddr('address') }}"
            }
          ]
        ],
        "routes": [
          {
            "dst": "0.0.0.0/0"
          }
        ]
      }
    },
    {
      "type": "tuning",
      "capabilities": {
        "mac": true
      }
    }
  ]
}
Also, can you ping your 10.89.0.1 from your container host? Are you
running your host with:
    podman run --net testmac1 ...
Is the following showing your network config?
    podman network ls
Can you see the IP in:
    podman inspect --format "{{.NetworkSettings.Networks.testmac1.IPAddress}}" "<container>"
What do `ip a` and `ip r` say in the container?
Just trying the obvious as nobody answered yet :) Feel free to ignore me.
Regards,
Jan
--
Jan Hutar Performance Engineering
jhutar(a)redhat.com Red Hat, Inc.