Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
podman run breaks if a port forward is specified and iptables is not installed (at least on Ubuntu Bionic). This is different from #3655:
- Podman assumes iptables/ip6tables exists in $PATH. #3655 is for the case where an iptables binary is present, but $PATH is not configured to point to it.
- This issue is for the case of a completely absent iptables binary.
Most users don't see this, because iptables is most likely already installed if you're running podman in a "normal" desktop or server installation. However, in a barebones environment the iptables binary may be absent (in my case, a Xen VM initialized with xen-create-image, but I suspect this issue applies to any system initialized with debootstrap.)
The simple one-line fix is adding apt-get install iptables to the installation instructions.
A more "proper" fix would be adding iptables as a dependency of the Ubuntu package. Feel free to file a bug report in a more appropriate place if this repo isn't the right place to report packaging issues with the Ubuntu package.
Steps to reproduce the issue:
- I used Xen, but this may be simpler to repro with debootstrap/chroot. Steps 1-3 are what I actually did which caused the issue, but I'm pretty sure debootstrap/chroot will reproduce the issue more conveniently if you don't have a Xen dom0 handy.
- Create Xen image with xen-create-image --dist=bionic, use xl create to start a Xen VM.
- Log into the Xen VM, install podman using the commands listed here.
- As root, attempt podman run -p 9999:9999 with some container.
Describe the results you received:
ERRO[0000] Error adding network: failed to locate iptables: exec: "iptables": executable file not found in $PATH
ERRO[0000] Error while adding pod to CNI network "podman": failed to locate iptables: exec: "iptables": executable file not found in $PATH
Error: error configuring network namespace for container 7ec0af684378eca34e24f62eb0ad4afabf42f8ed7d41b799e5037ed87a95882b: failed to locate iptables: exec: "iptables": executable file not found in $PATH
Describe the results you expected:
A running container.
Additional information you deem important (e.g. issue happens only occasionally):
Output of podman version:
Version: 1.7.0
RemoteAPI Version: 1
Go Version: go1.10.1
OS/Arch: linux/amd64
Output of podman info --debug:
debug:
  compiler: gc
  git commit: ""
  go version: go1.10.1
  podman version: 1.7.0
host:
  BuildahVersion: 1.12.0
  CgroupVersion: v1
  Conmon:
    package: 'conmon: /usr/libexec/podman/conmon'
    path: /usr/libexec/podman/conmon
    version: 'conmon version 2.0.10, commit: unknown'
  Distribution:
    distribution: ubuntu
    version: "18.04"
  MemFree: 228179968
  MemTotal: 882274304
  OCIRuntime:
    name: runc
    package: 'cri-o-runc: /usr/lib/cri-o-runc/sbin/runc'
    path: /usr/lib/cri-o-runc/sbin/runc
    version: 'runc version spec: 1.0.1-dev'
  SwapFree: 536866816
  SwapTotal: 536866816
  arch: amd64
  cpus: 1
  eventlogger: journald
  hostname: bastion
  kernel: 4.15.0-74-generic
  os: linux
  rootless: false
  uptime: 3h 27m 47s (Approximately 0.12 days)
registries:
  search:
  - docker.io
  - quay.io
store:
  ConfigFile: /etc/containers/storage.conf
  ContainerStore:
    number: 2
  GraphDriverName: overlay
  GraphOptions: {}
  GraphRoot: /var/lib/containers/storage
  GraphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 1
  RunRoot: /var/run/containers/storage
  VolumePath: /var/lib/containers/storage/volumes
Package info (e.g. output of rpm -q podman or apt list podman):
Listing... Done
podman/unknown,now 1.7.0~3 amd64 [installed]
Additional environment details (AWS, VirtualBox, physical, etc.):
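
Added example (not part of the original report and not Podman code): a shell check that tells apart the two cases described above, a binary that is installed but not reachable through $PATH (#3655) and a binary that is absent altogether (this issue). The function names and the fallback directory list /sbin:/usr/sbin:/usr/local/sbin are assumptions made for the example.

```shell
#!/bin/sh
# classify_tool NAME SEARCH_PATH FALLBACK_DIRS
#   SEARCH_PATH and FALLBACK_DIRS are colon-separated directory lists.
# Prints exactly one line:
#   in-path:<file>       executable found via SEARCH_PATH
#   outside-path:<file>  executable exists, but only in FALLBACK_DIRS (#3655)
#   absent               no executable found anywhere (this issue)
# The body runs in a subshell so the IFS change does not leak to the caller.
classify_tool() (
    name=$1
    search_path=$2
    fallback_dirs=$3
    IFS=:
    for dir in $search_path; do
        [ -n "$dir" ] || continue
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "in-path:$dir/$name"
            return 0
        fi
    done
    for dir in $fallback_dirs; do
        [ -n "$dir" ] || continue
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "outside-path:$dir/$name"
            return 0
        fi
    done
    echo "absent"
    return 0
)

# Report both tools for the current environment.
# The fallback directories are an assumption, not a list taken from Podman.
preflight() {
    for tool in iptables ip6tables; do
        result=$(classify_tool "$tool" "$PATH" "/sbin:/usr/sbin:/usr/local/sbin")
        printf '%s: %s\n' "$tool" "$result"
    done
}

preflight
```

A result of absent means the package has to be installed; outside-path means the binary exists and only $PATH needs adjusting.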