Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cap-add NET_ADMIN #62

Closed
gitdeath opened this issue Dec 28, 2021 · 9 comments
Closed

cap-add NET_ADMIN #62

gitdeath opened this issue Dec 28, 2021 · 9 comments
Labels
bug

Comments

@gitdeath
Copy link

Services with cap-add NET_ADMIN do not restart with cap-add functions after being updated by Sheperd.
@djmaze djmaze added the bug label Jan 2, 2022
@djmaze
Copy link
Collaborator

djmaze commented Jan 2, 2022

That sounds like a docker bug to me.

@gitdeath Can you try just updating your service manually with docker service update --image=<IMAGE> <SERVICE> and see if the problem occurs as well?

@gitdeath
Copy link
Author

gitdeath commented Jan 2, 2022
edited
Loading

This is how I've always done it in the past and it works just fine. I suspect is has something to do with shepherd being a container without capabilities. I will run shepherd with --cap-add=all and see if that allows this to work.

That sounds like a docker bug to me.

@gitdeath Can you try just updating your service manually with docker service update --image=<IMAGE> <SERVICE> and see if the problem occurs as well?

@gitdeath
Copy link
Author

gitdeath commented Jan 2, 2022

This is how I've always done it in the past and it works just fine. I suspect is has something to do with shepherd being a container without capabilities. I will run shepherd with --cap-add=all and see if that allows this to work.

That sounds like a docker bug to me.
@gitdeath Can you try just updating your service manually with docker service update --image=<IMAGE> <SERVICE> and see if the problem occurs as well?

Running Shepherd with --cap-add=all didn't help.

@djmaze
Copy link
Collaborator

djmaze commented Jan 2, 2022

Well.. You could also run the shepherd script directly on the host.. That should work in principle. Then you can see if it makes a difference.

@gitdeath gitdeath mentioned this issue Jan 2, 2022
Closed
@gitdeath
Copy link
Author

gitdeath commented Jan 3, 2022

I think I found the problem. The docker cli version in the container build doesn't meet the requirements to use --cap-add= in the command line.

bash-5.0# docker service update --cap-add=NET_ADMIN <service name>
unknown flag: --cap-add

bash-5.0# docker version
Client: Docker Engine - Community
 Version:           19.03.8

The required cli version is 20.10

@gitdeath
Copy link
Author

gitdeath commented Jan 3, 2022

Looks like this is due to Dockerhub environment variable setting for the ARM image.

ARM = ENV DOCKER_VERSION=19.03.8
ARM64 = ENV DOCKER_VERSION=20.10.7
AMD64 = ENV DOCKER_VERSION=20.10.7

@djmaze
Copy link
Collaborator

djmaze commented Jan 3, 2022
edited
Loading

Ah, you are using it on ARM. Well.. That makes it a different story.

The official armhf docker builds have been broken since 19.03. And as far as I heard, it seems they won't be coming back.

That's why I built an image on my old arm machine manually some time ago. I guess we could use that for shepherd's armhf builds as well.

@gitdeath
Copy link
Author

gitdeath commented Jan 4, 2022

Well my fix was to redeploy my swarm as arm64. :-)

@gitdeath gitdeath closed this as completed Jan 7, 2022
@djmaze
Copy link
Collaborator

djmaze commented Jan 10, 2022

FYI, mazzolino/shepherd:latest is now based on docker 20.10 on all architectures (including armhf).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@djmaze @gitdeath