2:38 p.m.
I'd like to use containers for services that overlap in the ports they
use. For example, I'd like to run FreeIPA and also a caching DNS
server. (Or FreeIPA with Windows auth and Samba, which both use 137-139
and 445.)
My preferred setup for this is bridged networking without NAT, and I've
got that set up. I manually configured a bridge device with the
Ethernet interface as a member, and I've configured a CNI network with
"host-local" IPAM. I can create containers attached to that network,
and they'll get an address that's on the host's network. Clients can
connect to them. All of that is working as expected.
However, especially in the case of running a DNS server, I'd really like
to have a fixed address for the container, and I don't see a way to do
that (other than creating another network definition with "static" IPAM,
which would require a network definition for every container with a
fixed address). The documentation for podman-run says that --ip can't
be used when a container is joined to an "additional" network, and I
don't understand that. The container is only connected to one network,
as indicated by the output of "podman inspect".
So, to the question in the subject, why is --ip only allowed on the
default network? Is there any other mechanism for assigning a fixed IP
address to a container that's on a user-defined network?
2:44 p.m.
On 2020-05-08 12:38, Gordon Messmer wrote:
I'd like to use containers for services that overlap in the ports
they
use. For example, I'd like to run FreeIPA and also a caching DNS
server. (Or FreeIPA with Windows auth and Samba, which both use
137-139 and 445.)
My preferred setup for this is bridged networking without NAT, and
I've got that set up. I manually configured a bridge device with the
Ethernet interface as a member, and I've configured a CNI network with
"host-local" IPAM. I can create containers attached to that network,
and they'll get an address that's on the host's network. Clients can
connect to them. All of that is working as expected.
However, especially in the case of running a DNS server, I'd really
like to have a fixed address for the container, and I don't see a way
to do that (other than creating another network definition with
"static" IPAM, which would require a network definition for every
container with a fixed address). The documentation for podman-run
says that --ip can't be used when a container is joined to an
"additional" network, and I don't understand that. The container is
only connected to one network, as indicated by the output of "podman
inspect".
So, to the question in the subject, why is --ip only allowed on the
default network? Is there any other mechanism for assigning a fixed
IP address to a container that's on a user-defined network?
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
What Podman version are you on? I remember adding code to permit --ip
with non-default CNI networks. A parse of the release notes suggests
this landed in v1.7.0.
Thanks,
Matt Heon
3:05 p.m.
On 5/8/20 12:44 PM, Matt Heon wrote:
What Podman version are you on? I remember adding code to permit
--ip
with non-default CNI networks. A parse of the release notes suggests
this landed in v1.7.0.
Well, that's good news, then. I'm using podman 1.6.4 from "extras" on
CentOS 7. I was planning to rebuild that host once CentOS 8.2 was
published.
Thank you!
3:42 p.m.
On 5/8/20 1:05 PM, Gordon Messmer wrote:
On 5/8/20 12:44 PM, Matt Heon wrote:
> What Podman version are you on? I remember adding code to permit --ip
> with non-default CNI networks. A parse of the release notes suggests
> this landed in v1.7.0.
Well, that's good news, then. I'm using podman 1.6.4 from "extras" on
CentOS 7. I was planning to rebuild that host once CentOS 8.2 was
published.
I probably should also mention that the reason I asked instead of
updating to a newer version through a different repo is that the man
page for podman 1.9 on Fedora appears to be the same. It still says
that --ip can't be used with --network. I'll verify that --ip is usable
for newer versions and then send a PR for the man page, assuming I can
figure out where it is and isn't usable based on the 1.7 release notes. :)
5:16 p.m.
On 2020-05-08 13:42, Gordon Messmer wrote:
On 5/8/20 1:05 PM, Gordon Messmer wrote:
>On 5/8/20 12:44 PM, Matt Heon wrote:
>>What Podman version are you on? I remember adding code to permit --ip
>>with non-default CNI networks. A parse of the release notes suggests
>>this landed in v1.7.0.
>
>Well, that's good news, then. I'm using podman 1.6.4 from "extras"
>on CentOS 7. I was planning to rebuild that host once CentOS 8.2
>was published.
I probably should also mention that the reason I asked instead of
updating to a newer version through a different repo is that the man
page for podman 1.9 on Fedora appears to be the same. It still says
that --ip can't be used with --network. I'll verify that --ip is
usable for newer versions and then send a PR for the man page,
assuming I can figure out where it is and isn't usable based on the
1.7 release notes. :)
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
I actually just sent a PR to fix that - it looks like I missed the
manpages when I made the update to actually allow --ip when a CNI
network is specified. Oops. Code ought to be working, but the docs are
wrong (until my fix lands, at least).
Thanks,
Matt Heon
5:26 p.m.
On 5/8/20 3:16 PM, Matt Heon wrote:
I actually just sent a PR to fix that - it looks like I missed the
manpages when I made the update to actually allow --ip when a CNI
network is specified. Oops. Code ought to be working, but the docs are
wrong (until my fix lands, at least).
Thank you, again! You're awesome.
1658
days inactive
1658
days old
5 comments
2 participants
participants (2)
-
Gordon Messmer -
Matt Heon