Dual-stack networks always have the same subnet and gateway address for IPv4 #274

Closed
ivanov17 opened this issue Jul 24, 2021 · 2 comments

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Dual-stack networks created with the containers.podman.podman_network module always have the same subnet and gateway address for IPv4.

Steps to reproduce the issue:

  1. (optional) Remove default podman network

  2. Create first dual-stack network

  3. Create second dual-stack network

Describe the results you received:

Both dual-stack networks have the same subnet and gateway address for IPv4:

# podman network inspect dualstack_a dualstack_b
[
    {
        "cniVersion": "0.4.0",
        "name": "dualstack_a",
        "plugins": [
            {
                "bridge": "cni-podman0",
                "hairpinMode": true,
                "ipMasq": true,
                "ipam": {
                    "ranges": [
                        [
                            {
                                "gateway": "fd10:88:a::1",
                                "subnet": "fd10:88:a::/64"
                            }
                        ],
                        [
                            {
                                "gateway": "10.88.2.1",
                                "subnet": "10.88.2.0/24"
                            }
                        ]
                    ],
                    "routes": [
                        {
                            "dst": "::/0"
                        },
                        {
                            "dst": "0.0.0.0/0"
                        }
                    ],
                    "type": "host-local"
                },
                "isGateway": true,
                "type": "bridge"
            },
            {
                "capabilities": {
                    "portMappings": true
                },
                "type": "portmap"
            },
            {
                "backend": "",
                "type": "firewall"
            },
            {
                "type": "tuning"
            }
        ]
    },
    {
        "cniVersion": "0.4.0",
        "name": "dualstack_b",
        "plugins": [
            {
                "bridge": "cni-podman1",
                "hairpinMode": true,
                "ipMasq": true,
                "ipam": {
                    "ranges": [
                        [
                            {
                                "gateway": "fd10:88:b::1",
                                "subnet": "fd10:88:b::/64"
                            }
                        ],
                        [
                            {
                                "gateway": "10.88.2.1",
                                "subnet": "10.88.2.0/24"
                            }
                        ]
                    ],
                    "routes": [
                        {
                            "dst": "::/0"
                        },
                        {
                            "dst": "0.0.0.0/0"
                        }
                    ],
                    "type": "host-local"
                },
                "isGateway": true,
                "type": "bridge"
            },
            {
                "capabilities": {
                    "portMappings": true
                },
                "type": "portmap"
            },
            {
                "backend": "",
                "type": "firewall"
            },
            {
                "type": "tuning"
            }
        ]
    }
]

Describe the results you expected:

I expect that different dual-stack networks would have different subnets and gateway addresses both for IPv6 and IPv4.

Version of the containers.podman collection:
Either git commit if installed from git: git show --summary
Or version from ansible-galaxy if installed from galaxy: ansible-galaxy collection list | grep containers.podman

$ ansible-galaxy collection install --force containers.podman
Process install dependency map
Starting collection install process
Installing 'containers.podman:1.6.1' to '/home/ivanov/.ansible/collections/ansible_collections/containers/podman'

Output of ansible --version:

$ ansible --version
ansible 2.9.23
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ivanov/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.9.6 (default, Jul 16 2021, 00:00:00) [GCC 11.1.1 20210531 (Red Hat 11.1.1-3)]

Output of podman version:

# podman version
Version:      3.0.2-dev
API Version:  3.0.0
Go Version:   go1.15.7
Built:        Fri Jun 11 18:58:44 2021
OS/Arch:      linux/amd64

Output of podman info --debug:

# podman info --debug
host:
  arch: amd64
  buildahVersion: 1.19.8
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.26-3.module_el8.4.0+830+8027e1c4.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.26, commit: 9dea73702793340168deaa5a0d21ca5ce1fcb5d7'
  cpus: 2
  distribution:
    distribution: '"centos"'
    version: "8"
  eventLogger: file
  hostname: centos.internal
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 4.18.0-305.7.1.el8_4.x86_64
  linkmode: dynamic
  memFree: 689606656
  memTotal: 1905274880
  ociRuntime:
    name: runc
    package: runc-1.0.0-73.rc93.module_el8.4.0+830+8027e1c4.x86_64
    path: /usr/bin/runc
    version: |-
      runc version spec: 1.0.2-dev
      go: go1.15.7
      libseccomp: 2.5.1
  os: linux
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    selinuxEnabled: true
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 1073737728
  swapTotal: 1073737728
  uptime: 24h 40m 8.32s (Approximately 1.00 days)
registries:
  localhost:5000:
    Blocked: false
    Insecure: true
    Location: localhost:5000
    MirrorByDigestOnly: false
    Mirrors: []
    Prefix: localhost:5000
  search:
  - registry.access.redhat.com
  - registry.centos.org
  - registry.fedoraproject.org
  - registry.opensuse.org
  - docker.io
  - quay.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 21
    paused: 0
    running: 0
    stopped: 21
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageStore:
    number: 13
  runRoot: /var/run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 3.0.0
  Built: 1623427124
  BuiltTime: Fri Jun 11 18:58:44 2021
  GitCommit: ""
  GoVersion: go1.15.7
  OsArch: linux/amd64
  Version: 3.0.2-dev

Package info (e.g. output of rpm -q podman or apt list podman):

# rpm -q podman
podman-3.0.1-7.module_el8.4.0+830+8027e1c4.x86_64

Playbook you run with ansible (e.g. content of playbook.yaml):

- ansible.builtin.file:
    path: /etc/cni/net.d/87-podman-bridge.conflist
    state: absent
  become: true

- containers.podman.podman_network:
    name: dualstack_a
    driver: bridge
    ipv6: yes
    gateway: "fd10:88:a::1"
    subnet: "fd10:88:a::/64"
    state: present
  become: true

- containers.podman.podman_network:
    name: dualstack_b
    driver: bridge
    ipv6: yes
    gateway: "fd10:88:b::1"
    subnet: "fd10:88:b::/64"
    state: present
  become: true

Command line and output of ansible run with high verbosity

Please NOTE: if you submit a bug about idempotency, run the playbook with --diff option, like:

ansible-playbook -i inventory --diff -vv playbook.yml

$ ansible-playbook test.yml --inventory testing.yml -vv
ansible-playbook 2.9.23
  config file = /home/ivanov/ansible/ansible.cfg
  configured module search path = ['/home/ivanov/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 3.9.6 (default, Jul 16 2021, 00:00:00) [GCC 11.1.1 20210531 (Red Hat 11.1.1-3)]
Using /home/ivanov/ansible/ansible.cfg as config file
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.

PLAYBOOK: test.yml ***************************************************************************************
1 plays in test.yml

PLAY [main] **********************************************************************************************

TASK [Gathering Facts] ***********************************************************************************
task path: /home/ivanov/ansible/test.yml:3
ok: [host01]
META: ran handlers

TASK [ansible.builtin.file] ******************************************************************************
task path: /home/ivanov/ansible/test.yml:851
changed: [host01] => {"changed": true, "path": "/etc/cni/net.d/87-podman-bridge.conflist", "state": "absent"}

TASK [containers.podman.podman_network] ******************************************************************
task path: /home/ivanov/ansible/test.yml:856
changed: [host01] => {"actions": ["created dualstack_a"], "changed": true, "network": {"cniVersion": "0.4.0", "name": "dualstack_a", "plugins": [{"bridge": "cni-podman0", "hairpinMode": true, "ipMasq": true, "ipam": {"ranges": [[{"gateway": "fd10:88:a::1", "subnet": "fd10:88:a::/64"}], [{"gateway": "10.88.2.1", "subnet": "10.88.2.0/24"}]], "routes": [{"dst": "::/0"}, {"dst": "0.0.0.0/0"}], "type": "host-local"}, "isGateway": true, "type": "bridge"}, {"capabilities": {"portMappings": true}, "type": "portmap"}, {"backend": "", "type": "firewall"}, {"type": "tuning"}]}, "podman_actions": ["podman network create dualstack_a --driver bridge --ipv6=True --gateway fd10:88:a::1 --subnet fd10:88:a::/64"], "stderr": "", "stderr_lines": [], "stdout": "/etc/cni/net.d/dualstack_a.conflist\n", "stdout_lines": ["/etc/cni/net.d/dualstack_a.conflist"]}

TASK [containers.podman.podman_network] ******************************************************************
task path: /home/ivanov/ansible/test.yml:865
changed: [host01] => {"actions": ["created dualstack_b"], "changed": true, "network": {"cniVersion": "0.4.0", "name": "dualstack_b", "plugins": [{"bridge": "cni-podman1", "hairpinMode": true, "ipMasq": true, "ipam": {"ranges": [[{"gateway": "fd10:88:b::1", "subnet": "fd10:88:b::/64"}], [{"gateway": "10.88.2.1", "subnet": "10.88.2.0/24"}]], "routes": [{"dst": "::/0"}, {"dst": "0.0.0.0/0"}], "type": "host-local"}, "isGateway": true, "type": "bridge"}, {"capabilities": {"portMappings": true}, "type": "portmap"}, {"backend": "", "type": "firewall"}, {"type": "tuning"}]}, "podman_actions": ["podman network create dualstack_b --driver bridge --ipv6=True --gateway fd10:88:b::1 --subnet fd10:88:b::/64"], "stderr": "", "stderr_lines": [], "stdout": "/etc/cni/net.d/dualstack_b.conflist\n", "stdout_lines": ["/etc/cni/net.d/dualstack_b.conflist"]}
META: ran handlers
META: ran handlers

PLAY RECAP ***********************************************************************************************
host01                     : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Additional environment details (AWS, VirtualBox, physical, etc.):

Host machine with Ansible:

$ cat /etc/redhat-release 
Fedora release 34 (Thirty Four)

Virtual machine with Podman:

$ cat /etc/redhat-release 
CentOS Linux release 8.4.2105
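
A check for the condition reported above, as an added example that is not part of the original issue or the collection's code: it parses CNI-format `podman network inspect` JSON like the output shown and reports networks whose subnets overlap. The sample input is constructed from the report's values, and the function names are hypothetical.

```python
import ipaddress
import json
from itertools import combinations

# Constructed sample: trimmed to the fields the check reads, with the names and
# subnets taken from the `podman network inspect` output in the report above.
SAMPLE_INSPECT = json.dumps([
    {"name": "dualstack_a", "plugins": [{"type": "bridge", "ipam": {"ranges": [
        [{"gateway": "fd10:88:a::1", "subnet": "fd10:88:a::/64"}],
        [{"gateway": "10.88.2.1", "subnet": "10.88.2.0/24"}]]}},
        {"type": "portmap"}]},
    {"name": "dualstack_b", "plugins": [{"type": "bridge", "ipam": {"ranges": [
        [{"gateway": "fd10:88:b::1", "subnet": "fd10:88:b::/64"}],
        [{"gateway": "10.88.2.1", "subnet": "10.88.2.0/24"}]]}},
        {"type": "portmap"}]},
])


def network_subnets(inspect_json):
    """Map network name -> list of ip_network objects from CNI ipam ranges."""
    result = {}
    for net in json.loads(inspect_json):
        subnets = []
        for plugin in net.get("plugins", []):
            # Plugins such as portmap/firewall/tuning carry no ipam section.
            for range_set in plugin.get("ipam", {}).get("ranges", []):
                for entry in range_set:
                    subnets.append(ipaddress.ip_network(entry["subnet"]))
        result[net["name"]] = subnets
    return result


def find_overlaps(inspect_json):
    """Return (net_a, net_b, subnet_a, subnet_b) for every overlapping pair."""
    nets = network_subnets(inspect_json)
    overlaps = []
    for (name_a, subs_a), (name_b, subs_b) in combinations(sorted(nets.items()), 2):
        for sa in subs_a:
            for sb in subs_b:
                # Compare only within one address family (IPv4 vs IPv4, etc.).
                if sa.version == sb.version and sa.overlaps(sb):
                    overlaps.append((name_a, name_b, str(sa), str(sb)))
    return overlaps


if __name__ == "__main__":
    for a, b, sa, sb in find_overlaps(SAMPLE_INSPECT):
        print(f"{a} and {b} overlap: {sa} / {sb}")
```

Because the comparison uses `overlaps()` rather than string equality, it also catches a network whose subnet contains or is contained in another's, not only the identical `10.88.2.0/24` pair seen here.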

ivanov17 commented Jul 24, 2021

Hmm... The same results with the command line. It occurs both with podman 3.0.2-dev on CentOS 8.4 and with podman 3.2.2 on Fedora 34. It seems it's a podman bug.

UPD: I've reported this bug at Podman Issues: containers/podman#11032

@sshnaidm
Member

@ivanov17 thanks for reporting for podman. Let's wait until it's fixed there.
