ip6tables executable not getting installed in dunfell


Fabio Estevam
 

Hi,

I am running the dunfell branch and I notice
that ip6tables is not getting installed:

# podman run hello-world
Trying to pull docker.io/library/hello-world...
Getting image source signatures
Copying blob 93288797bd35 done
Copying config 18e5af7904 done
Writing manifest to image destination
Storing signatures
[ 41.667476] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 41.674442] cni-podman0: port 1(veth5ab23089) entered blocking state
[ 41.680912] cni-podman0: port 1(veth5ab23089) entered disabled state
[ 41.687634] device veth5ab23089 entered promiscuous mode
[ 41.693058] audit: type=1700 audit(1634272456.424:3): dev=veth5ab23089 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
[ 41.694135] cni-podman0: port 1(veth5ab23089) entered blocking state
[ 41.711492] cni-podman0: port 1(veth5ab23089) entered forwarding state
[ 41.856399] audit: type=1325 audit(1634272456.604:4): table=nat family=2 entries=0 op=xt_register pid=481 comm="modprobe"
[ 41.867521] audit: type=1325 audit(1634272456.612:5): table=nat family=2 entries=5 op=xt_replace pid=482 comm="iptables"
[ 41.883462] audit: type=1325 audit(1634272456.632:6): table=nat family=2 entries=7 op=xt_replace pid=485 comm="iptables"
[ 41.899451] audit: type=1325 audit(1634272456.648:7): table=nat family=2 entries=8 op=xt_replace pid=488 comm="iptables"
[ 41.910483] audit: type=1325 audit(1634272456.656:8): table=nat family=2 entries=9 op=xt_replace pid=490 comm="iptables"
ERRO[0004] Error adding network: could not initialize iptables protocol 1: exec: "ip6tables": executable file not found in $PATH
ERRO[0004] Error while adding pod to CNI network "podman": could not initialize iptables protocol 1: exec: "ip6tables": executable file not found in $PATH
[ 41.973531] cni-podman0: port 1(veth5ab23089) entered disabled state
[ 41.981035] device veth5ab23089 left promiscuous mode
[ 41.986213] cni-podman0: port 1(veth5ab23089) entered disabled state
[ 41.986238] audit: type=1700 audit(1634272456.736:9): dev=veth5ab23089 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
Error: error configuring network namespace for container 173dbac37c7b288e2a932ef9e6fa2c05c50a30305f46b1ddbd6208b8d77e76de: could not initialize iptables protocol 1: exec: "ip6tables": executable file not found in $PATH

What could be the reason for ip6tables executable not getting installed?

I have also cherry-picked the commit below to dunfell, but it did not help:
https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/commit/?id=35fce40e86c6cd475d24136c699ae1f2821dea85

Thanks,

Fabio Estevam
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-60 Fax: (+49)-8142-66989-80 Email: festevam@...


Fabio Estevam
 

On 15/10/2021 01:40, Fabio Estevam wrote:
> Hi,
>
> I am running the dunfell branch and I notice
> that ip6tables is not getting installed:

After passing 'ipv6' into DISTRO_FEATURES, ip6tables gets installed.

~# podman run hello-world
....
[ 207.201607] cni-podman0: port 1(veth6b661354) entered disabled state
Error: systemd cgroup flag passed, but systemd support for managing cgroups is not available: OCI runtime error

Does anyone know how to add systemd support for managing cgroups?

Thanks,

Fabio Estevam
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-60 Fax: (+49)-8142-66989-80 Email: festevam@...


Fabio Estevam
 

On 15/10/2021 09:49, Fabio Estevam wrote:
> On 15/10/2021 01:40, Fabio Estevam wrote:
> > Hi,
> >
> > I am running the dunfell branch and I notice
> > that ip6tables is not getting installed:
>
> After passing 'ipv6' into DISTRO_FEATURES, ip6tables gets installed.
>
> ~# podman run hello-world
> ....
> [ 207.201607] cni-podman0: port 1(veth6b661354) entered disabled state
> Error: systemd cgroup flag passed, but systemd support for managing
> cgroups is not available: OCI runtime error
>
> Does anyone know how to add systemd support for managing cgroups?

I had to add a /etc/containers/libpod.conf file with the following
content:

cgroup_manager = "cgroupfs"
runtime = "/usr/bin/crun"

And now podman can run:

@iotgate:~# podman run hello-world
....

Hello from Docker!
This message shows that your installation appears to be working correctly.
...

Thanks

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-60 Fax: (+49)-8142-66989-80 Email: festevam@...


Bruce Ashfield
 

On Fri, Oct 15, 2021 at 9:00 AM Fabio Estevam <festevam@...> wrote:

> On 15/10/2021 09:49, Fabio Estevam wrote:
> > On 15/10/2021 01:40, Fabio Estevam wrote:
> > > Hi,
> > >
> > > I am running the dunfell branch and I notice
> > > that ip6tables is not getting installed:
> >
> > After passing 'ipv6' into DISTRO_FEATURES, ip6tables gets installed.
> >
> > ~# podman run hello-world
> > ....
> > [ 207.201607] cni-podman0: port 1(veth6b661354) entered disabled state
> > Error: systemd cgroup flag passed, but systemd support for managing
> > cgroups is not available: OCI runtime error
> >
> > Does anyone know how to add systemd support for managing cgroups?
>
> I had to add a /etc/containers/libpod.conf file with the following
> content:

There's definitely something different in your image composition than
the core-image* (poky based) that are used in much of the (my) regular
testing.

In a systemd based image, you shouldn't need to specify the
cgroup_manager ... crun yes, but that isn't all that common a
configuration.

From my build this morning:

root@qemux86-64:~# podman run hello-world
Trying to pull docker.io/library/hello-world:latest...
Getting image source signatures
Copying blob 2db29710123e done
Copying config feb5d9fea6 done
Writing manifest to image destination
Storing signatures
[ 170.623873] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 170.629244] cni-podman0: port 1(vetha3693c5d) entered blocking state
[ 170.632659] cni-podman0: port 1(vetha3693c5d) entered disabled state
[ 170.633441] device vetha3693c5d entered promiscuous mode
[ 170.634203] cni-podman0: port 1(vetha3693c5d) entered blocking state
[ 170.634938] cni-podman0: port 1(vetha3693c5d) entered forwarding state
[ 170.635725] IPv6: ADDRCONF(NETDEV_CHANGE): cni-podman0: link becomes ready
[ 170.783982] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation

Hello from Docker!
This message shows that your installation appears to be working correctly.

<snip>

root@qemux86-64:~# uname -a
Linux qemux86-64 5.14.9-yocto-standard #1 SMP PREEMPT Wed Oct 6 11:28:32 UTC 2021 x86_64 GNU/Linux

----------------

If what you are seeing can be reproduced on master, and your image
definitions are public, I'd be interested in seeing them, so I can
expand the rdepends/requires of podman to make sure it pulls in what it
needs.

Bruce


> cgroup_manager = "cgroupfs"
> runtime = "/usr/bin/crun"
>
> And now podman can run:
>
> @iotgate:~# podman run hello-world
> ....
>
> Hello from Docker!
> This message shows that your installation appears to be working
> correctly.
> ...
>
> Thanks
>
> --
> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> Phone: (+49)-8142-66989-60 Fax: (+49)-8142-66989-80 Email: festevam@...


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Bruce Ashfield
 

On Fri, Oct 15, 2021 at 8:49 AM Fabio Estevam <festevam@...> wrote:

> On 15/10/2021 01:40, Fabio Estevam wrote:
> > Hi,
> >
> > I am running the dunfell branch and I notice
> > that ip6tables is not getting installed:
>
> After passing 'ipv6' into DISTRO_FEATURES, ip6tables gets installed.

ipv6 is always in my distro features, so I didn't notice that myself.
I've added ipv6 to the required distros check of podman, so it will be
caught in the future.

Bruce

> ~# podman run hello-world
> ....
> [ 207.201607] cni-podman0: port 1(veth6b661354) entered disabled state
> Error: systemd cgroup flag passed, but systemd support for managing
> cgroups is not available: OCI runtime error
>
> Does anyone know how to add systemd support for managing cgroups?
>
> Thanks,
>
> Fabio Estevam
> --
> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> Phone: (+49)-8142-66989-60 Fax: (+49)-8142-66989-80 Email: festevam@...


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
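
Added example, not part of the original thread and not code from meta-virtualization or podman: a preflight script for a target root filesystem that checks for the two failures discussed above (a missing ip6tables binary, and a cgroup manager that does not match the running init). The function names are hypothetical, and choosing "systemd" when /run/systemd/system exists is an assumption of this sketch, not podman's own selection logic.

```sh
#!/bin/sh
# Added example (not from the thread): preflight for the two podman failures above.

# Print each netfilter front-end that is not an executable file in the given PATH.
# The CNI error in the thread shows that both iptables and ip6tables are exec'd.
missing_netfilter_tools() {
    search_path=$1
    for tool in iptables ip6tables; do
        found=no
        old_ifs=$IFS; IFS=:
        for dir in $search_path; do
            if [ -f "$dir/$tool" ] && [ -x "$dir/$tool" ]; then found=yes; break; fi
        done
        IFS=$old_ifs
        [ "$found" = yes ] || echo "$tool"
    done
}

# Choose the cgroup manager: "systemd" only when systemd is the running init,
# detected by the sd_booted() convention (assumption of this sketch).
pick_cgroup_manager() {
    if [ -d "$1/run/systemd/system" ]; then echo systemd; else echo cgroupfs; fi
}

# Emit libpod.conf content with the two keys used in the thread.
render_libpod_conf() {
    printf 'cgroup_manager = "%s"\nruntime = "%s"\n' "$(pick_cgroup_manager "$1")" "$2"
}

# Report problems for a root directory; returns non-zero if podman would fail.
# Arguments: PATH to search, root directory ("" for /), OCI runtime path.
podman_preflight() {
    pf_path=$1 pf_root=$2 pf_runtime=$3 pf_status=0
    pf_missing=$(missing_netfilter_tools "$pf_path" | tr '\n' ' ')
    if [ -n "$pf_missing" ]; then
        echo "not in PATH: ${pf_missing}(ip6tables needs 'ipv6' in DISTRO_FEATURES)"
        pf_status=1
    fi
    if [ ! -x "$pf_root$pf_runtime" ]; then
        echo "OCI runtime not found: $pf_runtime"
        pf_status=1
    fi
    echo "suggested /etc/containers/libpod.conf:"
    render_libpod_conf "$pf_root" "$pf_runtime"
    return "$pf_status"
}

# On the target itself: live PATH, root "/", and the runtime path from the thread.
podman_preflight "$PATH" "" /usr/bin/crun || echo "preflight: image needs changes" >&2
```

To check an unpacked rootfs from the build host instead, pass its bin directories as the first argument and its root directory as the second.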