Missing ip address with rootless container #2356
Comments
FYI running with |
@giuseppe should we just use the host's IP for inspect in the slirp4netns
case?
Then again, I don't think we do that for net=host, so maybe just
documenting it is better
…On Sun, Feb 17, 2019, 08:56 Ivan Necas ***@***.*** wrote:
FYI running with sudo works, because it's not using slirp4netns mode in
that case. I would however like to avoid running as root, if possible (and
my understanding is it should be possible with podman)
|
I've also found #1453 (comment), which makes me think that it's actually not possible to use the ip address anyway. I guess the port-forwarding would help here, not sure if that is supposed to work or not yet. In general, some tutorial/docs on various networking options and requirements would be helpful, so that future users don't have to open issues like this (or please forward me to such doc, if it already exists). |
It should work now. (Requires slirp4netns v0.3.0-alpha.X or later) |
Only with current upstream Podman, though - 1.0.0 in Fedora is still too early |
In fedora the latest slirp4netns I see is: latestf29 slirp4netns latestf30 slirp4netns |
I have kicked off builds of the newer version for Fedora. We need updated versions for RHEL7 & RHEL8. |
No need for RHEL yet - we don't have the code to talk to the new slirp4netns in either yet, so we can't use the port forwarding functionality. Will need 1.1.0 or higher for that. |
Well the goal is to get 1.1 out Soon. |
Yes, there is no way to actually use the rootless IP address. A rootless container gets its IP address inside of its network namespace but there is no way to use it from outside. Showing an IP in the inspect output could be confusing; also, all rootless containers have the same IP, which is fine since they cannot really communicate with each other. Should we document it somehow or show some different notation? |
Yes we should document this. |
Thanks for the responses. The documentation would definitely help. Additional question, while on this topic: is there a way to set minimal permissions and use a different networking model that would allow the containers to have their own IP that would be reachable from the host machine? Basically using the required permissions just for the networking part, but the rest of the logic for setting up the container would use just an ordinary user. Or is this technically impossible? Sorry in case it's a stupid question, but it's a question I believe more people might ask. |
Thanks @rhatdan for the new builds: I've updated slirp4netns and the port forwarding works now for me. |
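Added example, not part of the thread or of Podman's own code: a small check over `podman inspect` JSON that reports how a container can be reached from the host when no container IP is shown, and flags published ports that listen on every host address. The sample document is constructed, and the field layout it uses (`NetworkSettings.IPAddress`, `NetworkSettings.Ports` as a Docker-compatible map) is an assumption about recent Podman releases.

```python
import json

# Constructed sample of `podman inspect` output for a rootless container
# started with one published port. The layout is an assumption about recent
# Podman releases (Docker-compatible Ports map); it is not from the thread.
SAMPLE_INSPECT = """
[
  {
    "Name": "demo-httpd",
    "NetworkSettings": {
      "IPAddress": "",
      "Ports": {
        "8080/tcp": [{"HostIp": "", "HostPort": "8080"}],
        "8443/tcp": null
      }
    }
  }
]
"""

def reachable_endpoints(inspect_json):
    """Return (name, endpoints, note) for each container in inspect output."""
    results = []
    for ctr in json.loads(inspect_json):
        net = ctr.get("NetworkSettings") or {}
        ip = net.get("IPAddress") or ""
        endpoints = []
        for spec, bindings in (net.get("Ports") or {}).items():
            port, _, proto = spec.partition("/")
            for b in bindings or []:  # null: port exposed but not published
                host_ip = b.get("HostIp") or "0.0.0.0"  # empty: all addresses
                wide = host_ip == "0.0.0.0"
                host = "127.0.0.1" if wide else host_ip
                ep = f"{proto or 'tcp'}://{host}:{b['HostPort']} -> {port}"
                endpoints.append(ep + (" (listening on all host addresses)" if wide else ""))
        if ip:
            note = f"container IP {ip} reported"
        elif endpoints:
            note = "no container IP; use the published host ports"
        else:
            note = "no container IP and no published ports; not reachable from the host"
        results.append((ctr.get("Name", "?"), endpoints, note))
    return results

if __name__ == "__main__":
    for name, endpoints, note in reachable_endpoints(SAMPLE_INSPECT):
        print(name, "|", note)
        for ep in endpoints:
            print("   ", ep)
```

A published port with an empty host address is reachable from other machines as well as from the host, so bind it to 127.0.0.1 when only local access is intended.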
This is what LXC does. ( |
As @AkihiroSuda pointed out, there is |
I think at least the tutorial should be updated at https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#familiarizing-yourself-with-podman so that it's not misleading the folks trying it for the first time. |
@iNecas Could you open a PR to state what you think the tutorial should say? |
Was planning to unless somebody would be faster |
I ran into this issue and wasted a couple of hours, so I would appreciate an update to the tutorial. To me it looked like an error. |
@TomSweeneyRedHat Could you take care of this, or even better @tkrypton Could you open a PR to change the tutorial to state what you would have liked to have seen? |
Added pull request #2817 which should fix the issue. |
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
Steps to reproduce the issue:
follow https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#familiarizing-yourself-with-podman
as part of the tutorial, run
podman inspect -l | grep IPAddress\"
Describe the results you received:
Describe the results you expected:
I would expect the ip address to be available and I could access the service running
in the container.
In case it's meant to not work in rootless case, it should be mentioned in the tutorial.
Additional information you deem important (e.g. issue happens only occasionally):
Running ip addr inside the container gives me:
Trying curl http://10.0.2.100:8080 doesn't work either.
I might be just missing something, but so far no luck getting this running.
Output of podman version:
Tried both with fedora 29 latest (1.0.0) as well as a build from source:
Output of podman info:
Additional environment details (AWS, VirtualBox, physical, etc.):
Physical host
Other debug info
Output of