pleroma.debian.social

With Podman's former network backend, it was possible to configure a container network that mapped to my home network. Thus, containers were first-class and I could reach them from any LAN client. With the new one (netavark), it *seems* to be impossible. Does anyone know if it can be done?

@jmtd you mean like having a bridge and having containers as "hosts"?
I run some stuff as "network=host", which works fine but is not the same as a bridge.

@zhenech yeah, the previous setup I used was a bridge. I followed this guide at the time (not the macvlan bit, the bit after): https://blog.carroarmato0.be/2020/05/08/exposing-podman-container-on-the-network/ With trixie’s podman (using netavark), it explicitly detects and rejects defining a bridge network that overlaps a CIDR the host already has. Perhaps there’s a flag to ignore that warning I haven’t found yet.

@zhenech my own write up is https://jmtd.net/log/podman_network/ , but it isn’t as useful as the other blog post by someone else

@zhenech @jmtd it does sound like network=host is the answer here

@creepy_owlet @zhenech @jmtd Wouldn't that make them all use the host's IP rather than having their own?

@jmtd Did you try creating the bridge manually and then doing something like
podman network create --opt mode=unmanaged --interface-name=br0 --subnet=192.168.124.0/24 podbr0

@zhenech the bridge already exists, yes: I didn’t try that exact invocation (I think a superset). Going to fiddle a bit more this morning :)

@jmtd mode=unmanaged was the kicker here:

[root@centos9-stream ~]# podman network create --interface-name=br0 --subnet=192.168.124.0/24 podbr0
Error: subnet 192.168.124.0/24 is already used on the host or by another config
[root@centos9-stream ~]# podman network create --opt mode=unmanaged --interface-name=br0 --subnet=192.168.124.0/24 podbr0
podbr0

But that bridge has nothing attached to it, so I can't test right now.

@mattb @zhenech @jmtd it would, yes. I didn't realize it was a requirement.

@zhenech alas the second cmd there also throws the "already used on host or by another config" error. I'm wondering if the old CNI config lying around could be the problem…

@zhenech partial solution: I've defined the network with a wrong/temporary IP range, and then edited the JSON file afterwards.