failed to call cni.Setup: plugin type="macvlan" failed (add): Link not found #2490

Open
adoyle-h opened this issue Sep 12, 2023 · 5 comments
Labels
area/network area/rootless Rootless mode question Further information is requested

adoyle-h commented Sep 12, 2023

Description

I want to create a container with a macvlan network, but it fails when starting the container. It reports "Link not found", but the network device actually exists.

I have read the document.

Steps to reproduce the issue

  1. nerdctl network create adguard --driver macvlan -o mode=bridge -o parent=enp1s0 --gateway=192.168.1.2 --subnet=192.168.1.0/24
  2. nerdctl run -it --network adguard adguard/adguardhome:v0.107.38

Describe the results you received and expected

> nerdctl run -it --network adguard adguard/adguardhome:v0.107.38
FATA[0000] failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: time="2023-09-13T03:07:37+08:00" level=fatal msg="failed to call cni.Setup: plugin type=\"macvlan\" failed (add): Link not found"
Failed to write to log, write /home/adoyle/.local/share/nerdctl/1935db59/containers/default/2a881648d06c97c85bca42b7797149c253621e64427abd10731d955f3d8379f3/oci-hook.createRuntime.log: file already closed: unknown
> cat ~/.config/cni/net.d/nerdctl-adguard.conflist
{
  "cniVersion": "1.0.0",
  "name": "adguard",
  "nerdctlID": "253c581cf9cdef5cb2731ce55dbc714d3650056b663f9b3f60c5511f2f4e8436",
  "nerdctlLabels": {},
  "plugins": [
    {
      "type": "macvlan",
      "master": "enp1s0",
      "mode": "bridge",
      "ipam": {
        "ranges": [
          [
            {
              "gateway": "192.168.1.2",
              "subnet": "192.168.1.0/24"
            }
          ]
        ],
        "routes": [
          {
            "dst": "0.0.0.0/0"
          }
        ],
        "type": "host-local"
      }
    }
  ]
}

The enp1s0 device exists.

> ip a show enp1s0
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 7c:83:34:b9:d3:d1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global dynamic enp1s0
       valid_lft 79415sec preferred_lft 79415sec
    inet6 fe80::c930:f189:d3ba:fe04/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

What version of nerdctl are you using?

nerdctl version 1.5.0
rootless installed.

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

Client:
Namespace: default
Debug Mode: false

Server:
Server Version: v1.7.2
Storage Driver: overlayfs
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Log: fluentd journald json-file syslog
Storage: native overlayfs
Security Options:
seccomp
Profile: default
cgroupns
rootless
Kernel Version: 6.3.9-arch1-1
Operating System: Arch Linux
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.4GiB
Name: A02
ID: 7ad6f773-a5c1-4e54-9d91-c881dfd0972a

@adoyle-h adoyle-h added the kind/unconfirmed-bug-claim Unconfirmed bug claim label Sep 12, 2023
@AkihiroSuda
Member

Please try sudo nerdctl

@AkihiroSuda AkihiroSuda added question Further information is requested area/network labels Sep 12, 2023
@adoyle-h
Author

> sudo nerdctl run -it --network adguard adguard/adguardhome:v0.107.38
FATA[0000] cannot access containerd socket "/run/containerd/containerd.sock": no such file or directory

I am using the rootless nerdctl. @AkihiroSuda

@AkihiroSuda
Member

Macvlan is unsupported for rootless.

@AkihiroSuda AkihiroSuda removed the kind/unconfirmed-bug-claim Unconfirmed bug claim label Sep 12, 2023
@fahedouch fahedouch added the area/rootless Rootless mode label Sep 13, 2023
@adoyle-h
Author

@AkihiroSuda I tried it in root mode and got another error.

FATA[0000] error while executing [/usr/bin/nerdctl network create --label=com.docker.compose.project=adguard-home --label=com.docker.compose.network=adguard --driver=macvlan --opt=parent=enp1s0 --subnet=192.168.1.0/24 --gateway=192.168.1.2 adguard-home_adguard]: "time=\"2023-09-13T16:10:44+08:00\" level=fatal msg=\"subnet 192.168.1.0/24 overlaps with other one on this address space\"\n": exit status 1

I want to assign a LAN IP like 192.168.1.20 to a container. Why can't the macvlan subnet overlap with the host network?

Here is my host device link info.

2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 7c:83:34:b9:d3:d1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global dynamic noprefixroute enp1s0
       valid_lft 81287sec preferred_lft 81287sec
    inet6 fe80::c930:f189:d3ba:fe04/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

And I tried it on Docker with the same commands. It works.

@fahedouch
Member

fahedouch commented Oct 20, 2023

Please use a DHCP server for more flexible configuration: https://github.com/containerd/nerdctl/blob/main/docs/cni.md#macvlanipvlan-networks

> Why can't the macvlan subnet overlap with the host network?

The containers' subnet should be under the same network as the parent (physical) network, which means network overlapping is not permitted.

Please ensure that your host IPs do not overlap with 192.168.1.0/24.
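
A pre-flight check for the "subnet ... overlaps" error discussed above, as an added example that is not part of the issue thread or of nerdctl's code: it reads the IPAM subnets from a conflist shaped like the one posted and reports any that overlap prefixes already in use on the host. The names `OverlappingSubnets`, `sampleConflist` and `hostPrefixes` are hypothetical, and the comparison uses Go's `net/netip`, which is an assumption about how such a check can be done, not a statement of how nerdctl does it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// Constructed inputs: the macvlan entry of the issue's conflist (trimmed) and enp1s0's address.
const sampleConflist = `{"plugins":[{"type":"macvlan","master":"enp1s0","ipam":{"ranges":[[{"gateway":"192.168.1.2","subnet":"192.168.1.0/24"}]]}}]}`

var hostPrefixes = []netip.Prefix{netip.MustParsePrefix("192.168.1.12/24")}

type conflist struct { // only the fields this check reads
	Plugins []struct {
		IPAM struct {
			Ranges [][]struct{ Subnet string `json:"subnet"` } `json:"ranges"`
		} `json:"ipam"`
	} `json:"plugins"`
}

// OverlappingSubnets lists every conflist subnet that shares addresses with an in-use prefix.
func OverlappingSubnets(raw []byte, inUse []netip.Prefix) ([]string, error) {
	var c conflist
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	var hits []string
	for _, p := range c.Plugins {
		for _, set := range p.IPAM.Ranges {
			for _, r := range set {
				sub, err := netip.ParsePrefix(r.Subnet)
				if err != nil {
					return nil, fmt.Errorf("subnet %q: %w", r.Subnet, err)
				}
				for _, u := range inUse {
					if sub.Overlaps(u) { // compares at the shorter prefix length
						hits = append(hits, r.Subnet+" overlaps "+u.String())
					}
				}
			}
		}
	}
	return hits, nil
}

func main() {
	fmt.Println(OverlappingSubnets([]byte(sampleConflist), hostPrefixes))
}
```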
