[CI:DOCS] Updated Troubleshooting.md Closes #5431 #11245
Conversation
troubleshooting.md
Outdated
| @@ -746,3 +746,141 @@ an Infra container image for CNI-in-slirp4netns must be created. The | |||
| instructions for building the Infra container image can be found for | |||
| v2.2.1 [here](https://github.com/containers/podman/tree/v2.2.1-rhel/contrib/rootless-cni-infra), | |||
| and for v3.0.1 [here](https://github.com/containers/podman/tree/v3.0.1-rhel/contrib/rootless-cni-infra). | |||
|
|
|||
| ### 29) Container related firewall rules are lost after reloading firewalld | |||
| Container network can't be reached after `firewall-cmd --reload` and `systemctl restart firewalld` | |||
There was a problem hiding this comment.
Lint is complaining there's trailing whitespace on this line - remove the extra space at the end and CI will pass.
There was a problem hiding this comment.
Hey, I removed the trailing whitespace and pushed the commit that should do it, hopefully.
There was a problem hiding this comment.
I think I messed up badly with the git commits my git log is also not in order for some reason.
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: afro-coder, mheon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
This commit adds additional until filter to podman pod ps (ls/list). Additionally, it also adds descriptions for podman pod ps filters available via http api. Signed-off-by: Jakub Guzik <[email protected]>
rhatdan
changed the title
|
I think I've really messed up the repo branch, and I don't think I know how to fix this. I did a git reset now to the original to check if that fixes it. If that doesn't then I'm not sure what to do next |
| @@ -746,3 +746,139 @@ an Infra container image for CNI-in-slirp4netns must be created. The | |||
| instructions for building the Infra container image can be found for | |||
| v2.2.1 [here](https://github.com/containers/podman/tree/v2.2.1-rhel/contrib/rootless-cni-infra), | |||
| and for v3.0.1 [here](https://github.com/containers/podman/tree/v3.0.1-rhel/contrib/rootless-cni-infra). | |||
|
|
|||
| ### 29) Container related firewall rules are lost after reloading firewalld | |||
| Container network can't be reached after `firewall-cmd --reload` and `systemctl restart firewalld` Running `podman network reload` will fix it but it has to be done manually. | |||
There was a problem hiding this comment.
Suggest (Don't spoil the suprise ending until you get to the solution!):
The container's network cannot be reached after the commands firewall-cmd --reload or systemctl restart firewalld are invoked.
| Container network can't be reached after `firewall-cmd --reload` and `systemctl restart firewalld` Running `podman network reload` will fix it but it has to be done manually. | ||
|
|
||
| #### Symptom | ||
| The firewall rules created by podman are lost when the firewall is reloaded. |
There was a problem hiding this comment.
podman -> Podman
except for actual commands.
| The firewall rules created by podman are lost when the firewall is reloaded. | ||
|
|
||
| #### Solution | ||
| [@ranjithrajaram](https://github.com/containers/podman/issues/5431#issuecomment-847758377) has created a systemd-hook to fix this issue |
| #### Solution | ||
| [@ranjithrajaram](https://github.com/containers/podman/issues/5431#issuecomment-847758377) has created a systemd-hook to fix this issue | ||
|
|
||
| 1) For "firewall-cmd --reload", create a systemd unit file with the following |
| However, If you use busctl monitor then you can't get machine-readable output on `RHEL 8`. | ||
| Since it doesn't have `busctl -j` as mentioned here by [@yrro](https://github.com/containers/podman/issues/5431#issuecomment-896943018). | ||
|
|
||
| For RHEL 8, you can use the following one-liner bash script. |
There was a problem hiding this comment.
I'd drop "one-liner" as it looks to be several lines.
| [Install] | ||
| WantedBy=multi-user.target | ||
| ``` | ||
| `busctl-monitor` is almost usable in `RHEL 8`, except that it always outputs two bogus events when it starts up, |
| one of which is (in its only machine-readable format) indistinguishable from the `NameOwnerChanged` that you get when firewalld starts up. | ||
| This means you would get an extra `podman network reload --all` when this unit starts. | ||
|
|
||
| Apart from this, you can use the following systemd service with the python3 code. |
There was a problem hiding this comment.
I'd end this with "... systemd service:"
| [Install] | ||
| WantedBy=multi-user.target | ||
| ``` | ||
| The code reloads podman network twice when you use `systemctl restart firewalld`. |
There was a problem hiding this comment.
Then add above this line:
"Then create the podman-redo-nat.py and include the following lines of python code within it:"
Or some such.
|
Ooops! Missed the closed bit on this one. Ignoreme, time to crash! |
github-actions
bot
added
the
locked - please file new issue/PR
Hi,
Firstly, sorry I used the wrong commit message
This will close #5431
Also, I'm not sure if this is the docs section since its in the troubleshooting.md
Thanks.