4:03 p.m.
I’m having trouble setting up a macvlan. I created my config under
/etc/cni/net.d and can successfully start my continater with the macvlan
network.
However, when I exec into the container, it has no network access to
anything except itself. I apologize, I'm new to podman. I need to be able
to ssh into other hosts(jenkins nodes) to run tests. I am unable to use
the host network due to other requirements.
Any help would be appreciated. here is my macvlan config:
{
"cniVersion": "0.4.0",
"name": "testmac1",
"plugins": [
{
"type": "macvlan",
"master": "eno1np0",
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.0.0/24",
"gateway": "10.89.0.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
~
2:15 p.m.
On 2021-02-25 16:03 -0500, Rusty Sapper wrote:
I’m having trouble setting up a macvlan. I created my config under
/etc/cni/net.d and can successfully start my continater with the macvlan
network.
However, when I exec into the container, it has no network access to
anything except itself. I apologize, I'm new to podman. I need to be able
to ssh into other hosts(jenkins nodes) to run tests. I am unable to use
the host network due to other requirements.
Any help would be appreciated. here is my macvlan config:
{
"cniVersion": "0.4.0",
"name": "testmac1",
"plugins": [
{
"type": "macvlan",
"master": "eno1np0",
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.0.0/24",
"gateway": "10.89.0.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
~
Hello,
although I admit I do not know what am I doing, I got externally
accessible containers via macvlan working. I do not have a "portmap"
plugin, but mine config have this:
{
"type": "tuning",
"capabilities": {
"mac": true
}
}
Whole config that works for me (as an ansible template) looks like this:
{
"cniVersion": "0.4.0",
"name": "macvlanprivate",
"plugins": [
{
"type": "macvlan",
"master": "ens4",
"ipam": {
"type": "host-local",
"ranges": [
[
{
"subnet": "{{ (private_ip + '/' +
private_netmask) | ipaddr('0') }}",
"gateway": "{{ private_gw }}",
"rangeStart": "{{ (private_ip + '/' +
containers_netmask) | ipaddr('1') | ipaddr('address') }}",
"rangeEnd": "{{ (private_ip + '/' +
containers_netmask) | ipaddr('-4') | ipaddr('address') }}"
}
]
],
"routes": [
{
"dst": "0.0.0.0/0"
}
]
}
},
{
"type": "tuning",
"capabilities": {
"mac": true
}
}
]
}
Also can you ping your 10.89.0.1 from your container host? Are you
running your host with:
podman run --net testmac1 ...
Is following showing your network config?
podman network ls
Can you see IP in:
podman inspect --format "{{.NetworkSettings.Networks.testmac1.IPAddress}}"
"<container>"
What does `ip a` and `ip r` say in the container?
Just trying obvious as nobody answered yet :) Feel free to ignore me.
Regards,
Jan
--
Jan Hutar Performance Engineering
jhutar(a)redhat.com Red Hat, Inc.
9:35 a.m.
Jan,
I appreciate your input and help. sorry for the delay, I'm finally
getting back to this project.
to answer some of your questions. I am starting the container with
--network=testmac1
I used you config but unfortunately, I get the same result, not
receiving any traffic back to the container. Do you have any kind of
special routes added to the host that would be affecting things?
podman network ls is showing the testmac1 network. here is the out put of
ip -a inside the container
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen
1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc
noqueue state UP
link/ether e2:bb:95:70:e1:6a brd ff:ff:ff:ff:ff:ff
inet 10.89.0.6/24 brd 10.89.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::e0bb:95ff:fe70:e16a/64 scope link
valid_lft forever preferred_lft forever
here is the output of ip -r
default via 10.89.0.1 dev eth0
10.89.0.0/24 dev eth0 proto kernel scope link src 10.89.0.6
ultimately, the whole issue is that I need to Multicast traffic, that is
hitting the physical host, to be forwarded to the container. From what I
can tell, that isn;t possible with the default bridge device podman uses.
There were a few mentions of macvlan being able to do this. If I am
missing something simple, that would be great and would love for someone to
point it out to me :) . the only way I have managed this is by using
--network-host. However, the requirements for this project are that the
container can ssh to other physical jenkins nodes, be able to receive
multicast traffic AND ssh to itself (ssh ${HOSTNAME}). when using the
host network, ssh ${HOSTNAME} just connects back to the physical host.
thanks for any other help you can offer.
-Rusty
On Fri, Feb 26, 2021 at 2:15 PM Jan Hutař <jhutar(a)redhat.com> wrote:
On 2021-02-25 16:03 -0500, Rusty Sapper wrote:
>I’m having trouble setting up a macvlan. I created my config under
>/etc/cni/net.d and can successfully start my continater with the macvlan
>network.
>
>However, when I exec into the container, it has no network access to
>anything except itself. I apologize, I'm new to podman. I need to be
able
>to ssh into other hosts(jenkins nodes) to run tests. I am unable to use
>the host network due to other requirements.
>
>Any help would be appreciated. here is my macvlan config:
>{
> "cniVersion": "0.4.0",
> "name": "testmac1",
> "plugins": [
> {
> "type": "macvlan",
> "master": "eno1np0",
> "ipam": {
> "type": "host-local",
> "routes": [
> {
> "dst": "0.0.0.0/0"
> }
> ],
> "ranges": [
> [
> {
> "subnet": "10.89.0.0/24",
> "gateway": "10.89.0.1"
> }
> ]
> ]
> }
> },
> {
> "type": "portmap",
> "capabilities": {
> "portMappings": true
> }
> }
> ]
>}
>~
Hello,
although I admit I do not know what am I doing, I got externally
accessible containers via macvlan working. I do not have a "portmap"
plugin, but mine config have this:
{
"type": "tuning",
"capabilities": {
"mac": true
}
}
Whole config that works for me (as an ansible template) looks like this:
{
"cniVersion": "0.4.0",
"name": "macvlanprivate",
"plugins": [
{
"type": "macvlan",
"master": "ens4",
"ipam": {
"type": "host-local",
"ranges": [
[
{
"subnet": "{{ (private_ip + '/' +
private_netmask) |
ipaddr('0') }}",
"gateway": "{{ private_gw }}",
"rangeStart": "{{ (private_ip + '/' +
containers_netmask) | ipaddr('1') | ipaddr('address') }}",
"rangeEnd": "{{ (private_ip + '/' +
containers_netmask)
| ipaddr('-4') | ipaddr('address') }}"
}
]
],
"routes": [
{
"dst": "0.0.0.0/0"
}
]
}
},
{
"type": "tuning",
"capabilities": {
"mac": true
}
}
]
}
Also can you ping your 10.89.0.1 from your container host? Are you
running your host with:
podman run --net testmac1 ...
Is following showing your network config?
podman network ls
Can you see IP in:
podman inspect --format
"{{.NetworkSettings.Networks.testmac1.IPAddress}}"
"<container>"
What does `ip a` and `ip r` say in the container?
Just trying obvious as nobody answered yet :) Feel free to ignore me.
Regards,
Jan
--
Jan Hutar Performance Engineering
jhutar(a)redhat.com Red Hat, Inc.
9:06 a.m.
On 25/02/2021 21:03, Rusty Sapper wrote:
I’m having trouble setting up a macvlan. I created my
config under /etc/cni/net.d and can successfully start my
continater with the macvlan network.
However, when I exec into the container, it has no network
access to anything except itself. I apologize, I'm new to
podman. I need to be able to ssh into other hosts(jenkins
nodes) to run tests. I am unable to use the host network
due to other requirements.
Any help would be appreciated. here is my macvlan config:
{
"cniVersion": "0.4.0",
"name": "testmac1",
"plugins": [
{
"type": "macvlan",
"master": "eno1np0",
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0 <http://0.0.0.0/0>"
}
],
"ranges": [
[
{
"subnet": "10.89.0.0/24
<http://10.89.0.0/24>";,
"gateway": "10.89.0.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
~
I think that's how it "is". I do not know whether it's by
design but with macvlan those namespaces are separate and
_no_ container <=> host but that container should have
access to "outside" and vice versa, that's what I get with
macvlans.
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
9:19 a.m.
Does https://www.redhat.com/sysadmin/leasing-ips-podman help?
On Thu, 2021-02-25 at 16:03 -0500, Rusty Sapper wrote:
I’m having trouble setting up a macvlan. I created my config under
/etc/cni/net.d and can successfully start my continater with the
macvlan network.
However, when I exec into the container, it has no network access to
anything except itself. I apologize, I'm new to podman. I need to be
able to ssh into other hosts(jenkins nodes) to run tests. I am unable
to use the host network due to other requirements.
Any help would be appreciated. here is my macvlan config:
{
"cniVersion": "0.4.0",
"name": "testmac1",
"plugins": [
{
"type": "macvlan",
"master": "eno1np0",
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.89.0.0/24",
"gateway": "10.89.0.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
~
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
1:05 p.m.
On 01/03/2021 14:19, Brent Baude wrote:
Should there be substantial differences between versions?
The problem which original message describes I see with
podman-2.2.1-7.module_el8.3.0+699+d61d9c41.x86_64
-> $ podman run -it --rm --pod=cloud-${HOSTNAME%%.*} --name
alpine docker.io/library/alpine
/ # ip addr ls dev eth0
2: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu
1450 qdisc noqueue state UP
link/ether e2:64:21:37:bb:e5 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.116/24 brd 10.0.1.255 scope global eth0
/ # ping 10.0.1.8
PING 10.0.1.8 (10.0.1.8): 56 data bytes
which hangs with no reply, whereas
podman-3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d.x86_64
(surely other components as underlying OS too):
-> $ podman run -it --rm --pod=cloud-${HOSTNAME%%.*} --name
alpine docker.io/library/alpine
2: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu
1500 qdisc noqueue state UP
link/ether 3e:d8:0c:9d:ee:f1 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.243/24 brd 10.1.1.255 scope global eth0
/ # ping 10.1.1.224
PING 10.1.1.224 (10.1.1.224): 56 data bytes
64 bytes from 10.1.1.224: seq=0 ttl=64 time=0.239 ms
In both cases targets to ping are some devices on local
subnet which targets are available, reachable by both
hosts(different boxes and OSes to clarify)
Maybe there is something to it.
regards, L.
1361
days inactive
1367
days old
5 comments
4 participants
participants (4)
-
Brent Baude -
Jan Hutař -
lejeczek -
Rusty Sapper