e2e: cni? create two containers with the same IP #18399

edsantiago · 2023-05-01T11:59:14Z

Resurrection of #7096, but as new issue to establish clean context. This is only happening with cni, not netavark. And only on create, never on run. So far.

  Podman create two containers with the same IP
...
# podman [options] create --log-driver k8s-file --name test1 --ip 10.88.30.100 quay.io/libpod/alpine:latest sleep 999
406b928fe0375988d1f219f7a3567385dd270817d633ae4b919c2631ca7a1dd7
# podman [options] create --log-driver k8s-file --name test2 --ip 10.88.30.100 quay.io/libpod/alpine:latest ip addr
c76d84306fb9947762a5bd7ae84bbffda08f3e737a45e6d7915a5b2e7a0782d0
# podman [options] start test1
test1
# podman [options] inspect --format {{.State.Status}} {{.NetworkSettings.IPAddress}} test1
running 10.88.30.100
^^^^^^^^^^^^^^^^^^^^ So far, so good

# podman [options] start -a test2
...
2: eth0@if1038: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    link/ether 82:d7:1c:fb:bd:bd brd ff:ff:ff:ff:ff:ff
    inet 10.88.30.100/16 brd 10.88.255.255 scope global eth0
         ^^^^^^^^^^^^^^^ NOT GOOD!  Also, WHY /16??? Is this a clue?
...

Test fails because second container should refuse to start.

fedora-36 : int podman fedora-36 root container sqlite
- 03-28-2023 22:06 in Podman create with --ip flag [It] Podman create two containers with the same IP
- 03-28-2023 11:11 in Podman create with --ip flag [It] Podman create two containers with the same IP
fedora-36 : int remote fedora-36 root host sqlite [remote]
- 04-24 12:44 in Podman create with --ip flag [It] Podman create two containers with the same IP
fedora-37 : int podman fedora-37 root container sqlite
- 04-27 13:36 in Podman create with --ip flag [It] Podman create two containers with the same IP

The text was updated successfully, but these errors were encountered:

Luap99 · 2023-05-02T08:40:42Z

Wait I thought f37 means netavark, so I was fooled by that.

Ok yeah quick look in the e2e tests show that we do something that this is completely wrong??? 55508c1
This is not safe in parallel testing and can cause all sorts of weird flakes. If another test deletes this directory when the between the first and second container start then it will work and cause the flake.

This is not safe at all when run in parallel, CNI needs that directory to detect duplicated ips and also stores other important network info in it. Removing it while container network is setup is not safe at all and could cause a lot of weird flakes. This "hack" was added in commit 55508c1 but provides zero context what this was supposed to fix so I don't know what the actual issue is or was. Fixes containers#18399 Signed-off-by: Paul Holzinger <[email protected]>

edsantiago · 2023-05-02T10:15:11Z

"f37 means netavark" -- up until last week, #18326. Thanks for the quick fix!

edsantiago added the flakes Flakes from Continuous Integration label May 1, 2023

Luap99 self-assigned this May 2, 2023

Luap99 mentioned this issue May 2, 2023

test/e2e: do not remove CNI directory #18409

Merged

openshift-merge-robot closed this as completed in #18409 May 2, 2023

github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Aug 25, 2023

github-actions bot locked as resolved and limited conversation to collaborators Aug 25, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

e2e: cni? create two containers with the same IP #18399

e2e: cni? create two containers with the same IP #18399

edsantiago commented May 1, 2023

Luap99 commented May 2, 2023

edsantiago commented May 2, 2023

e2e: cni? create two containers with the same IP #18399

e2e: cni? create two containers with the same IP #18399

Comments

edsantiago commented May 1, 2023

Luap99 commented May 2, 2023

edsantiago commented May 2, 2023