[PATCH] docker: Add kernel-module-xt-nat to RRECOMMENDS


Robert Yang
 

Fixed when kernel-module-xt-nat is not installed:
$ docker run --rm -it -p 80:80 alpine

docker: Error response from daemon: driver failed programming external connectivity on endpoint elated_cori
Try `iptables -h' or 'iptables --help' for more information.
(exit status 2)).

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
recipes-containers/docker/docker.inc | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/recipes-containers/docker/docker.inc b/recipes-containers/docker/docker.inc
index 40a3642c..e7bdc388 100644
--- a/recipes-containers/docker/docker.inc
+++ b/recipes-containers/docker/docker.inc
@@ -29,7 +29,13 @@ RDEPENDS:${PN} = "util-linux util-linux-unshare iptables \
"
RDEPENDS:${PN} += "virtual-containerd virtual-runc"

-RRECOMMENDS:${PN} = "kernel-module-dm-thin-pool kernel-module-nf-nat kernel-module-nf-conntrack-netlink kernel-module-xt-addrtype kernel-module-xt-masquerade"
+RRECOMMENDS:${PN} = "kernel-module-dm-thin-pool \
+ kernel-module-nf-nat \
+ kernel-module-nf-conntrack-netlink \
+ kernel-module-xt-addrtype \
+ kernel-module-xt-masquerade \
+ kernel-module-xt-nat \
+ "

PROVIDES += "virtual/docker"
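
Review bot: kernel-module-xt-nat is added to RRECOMMENDS, which is only a soft dependency, so the new line helps only when the kernel configuration already builds xt_nat as a module; where it is not built at all the package does not exist and docker run -p 80:80 fails as in the commit message. The commit message should name the kernel option or configuration fragment that has to be enabled for the port mapping to work. The hunk also reflows the existing one-line value into one module per line in the same change, which hides the single functional addition among seven changed lines; mention the reflow in the commit message or split it into its own commit.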

--
2.17.1


Bruce Ashfield
 

On Wed, Jan 19, 2022 at 7:00 AM Robert Yang <liezhi.yang@windriver.com> wrote:

Fixed when kernel-module-xt-nat is not installed:
$ docker run --rm -it -p 80:80 alpine

docker: Error response from daemon: driver failed programming external connectivity on endpoint elated_cori
Try `iptables -h' or 'iptables --help' for more information.
(exit status 2)).
There's already a pending patch for similar changes, I'm still
working through the unification of the meta-virt fragments and the
kernel-cache fragments, so I'm not doing any of the RRECOMMENDS
changes at the moment, until I have that unified.

Since we can recommend all we want, but it can't fix a bad
configuration, and that's the issue.

Bruce

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
recipes-containers/docker/docker.inc | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/recipes-containers/docker/docker.inc b/recipes-containers/docker/docker.inc
index 40a3642c..e7bdc388 100644
--- a/recipes-containers/docker/docker.inc
+++ b/recipes-containers/docker/docker.inc
@@ -29,7 +29,13 @@ RDEPENDS:${PN} = "util-linux util-linux-unshare iptables \
"
RDEPENDS:${PN} += "virtual-containerd virtual-runc"

-RRECOMMENDS:${PN} = "kernel-module-dm-thin-pool kernel-module-nf-nat kernel-module-nf-conntrack-netlink kernel-module-xt-addrtype kernel-module-xt-masquerade"
+RRECOMMENDS:${PN} = "kernel-module-dm-thin-pool \
+ kernel-module-nf-nat \
+ kernel-module-nf-conntrack-netlink \
+ kernel-module-xt-addrtype \
+ kernel-module-xt-masquerade \
+ kernel-module-xt-nat \
+ "

PROVIDES += "virtual/docker"

--
2.17.1

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Robert Yang
 

Hi Bruce,

On 1/19/22 9:34 PM, Bruce Ashfield wrote:
On Wed, Jan 19, 2022 at 7:00 AM Robert Yang <liezhi.yang@windriver.com> wrote:

Fixed when kernel-module-xt-nat is not installed:
$ docker run --rm -it -p 80:80 alpine

docker: Error response from daemon: driver failed programming external connectivity on endpoint elated_cori
Try `iptables -h' or 'iptables --help' for more information.
(exit status 2)).
There's already a pending patch for similar changes, I'm still
working through the unification of the meta-virt fragments and the
kernel-cache fragments, so I'm not doing any of the RRECOMMENDS
changes at the moment, until I have that unified.
Since we can recommend all we want, but it can't fix a bad
configuration, and that's the issue.
Yes, makes sense, do you have a clue on how to figure out all of them, please?

// Robert

Bruce

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
recipes-containers/docker/docker.inc | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/recipes-containers/docker/docker.inc b/recipes-containers/docker/docker.inc
index 40a3642c..e7bdc388 100644
--- a/recipes-containers/docker/docker.inc
+++ b/recipes-containers/docker/docker.inc
@@ -29,7 +29,13 @@ RDEPENDS:${PN} = "util-linux util-linux-unshare iptables \
"
RDEPENDS:${PN} += "virtual-containerd virtual-runc"

-RRECOMMENDS:${PN} = "kernel-module-dm-thin-pool kernel-module-nf-nat kernel-module-nf-conntrack-netlink kernel-module-xt-addrtype kernel-module-xt-masquerade"
+RRECOMMENDS:${PN} = "kernel-module-dm-thin-pool \
+ kernel-module-nf-nat \
+ kernel-module-nf-conntrack-netlink \
+ kernel-module-xt-addrtype \
+ kernel-module-xt-masquerade \
+ kernel-module-xt-nat \
+ "

PROVIDES += "virtual/docker"

--
2.17.1


Bruce Ashfield
 

On Thu, Jan 20, 2022 at 2:07 AM Robert Yang <liezhi.yang@windriver.com> wrote:

Hi Bruce,

On 1/19/22 9:34 PM, Bruce Ashfield wrote:
On Wed, Jan 19, 2022 at 7:00 AM Robert Yang <liezhi.yang@windriver.com> wrote:

Fixed when kernel-module-xt-nat is not installed:
$ docker run --rm -it -p 80:80 alpine

docker: Error response from daemon: driver failed programming external connectivity on endpoint elated_cori
Try `iptables -h' or 'iptables --help' for more information.
(exit status 2)).
There's already a pending patch for similar changes, I'm still
working through the unification of the meta-virt fragments and the
kernel-cache fragments, so I'm not doing any of the RRECOMMENDS
changes at the moment, until I have that unified.

Since we can recommend all we want, but it can't fix a bad
configuration, and that's the issue.
Yes, makes sense, do you have a clue on how to figure out all of them, please?
This is something that I'm working on in cooperation with the external
kernel-cache recipe/tool that I have in meta-virt.

Your change is correct, I'm just going to let it sit on my queue for a
bit, while I work through the rest of the changes with respect to
getting the right configuration across a range of kernels and having
the ability to check for the fragments (versus the final .config,
since we don't want to start checking for individual options after the
kernel configuration runs).

Bruce


// Robert


Bruce

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
recipes-containers/docker/docker.inc | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/recipes-containers/docker/docker.inc b/recipes-containers/docker/docker.inc
index 40a3642c..e7bdc388 100644
--- a/recipes-containers/docker/docker.inc
+++ b/recipes-containers/docker/docker.inc
@@ -29,7 +29,13 @@ RDEPENDS:${PN} = "util-linux util-linux-unshare iptables \
"
RDEPENDS:${PN} += "virtual-containerd virtual-runc"

-RRECOMMENDS:${PN} = "kernel-module-dm-thin-pool kernel-module-nf-nat kernel-module-nf-conntrack-netlink kernel-module-xt-addrtype kernel-module-xt-masquerade"
+RRECOMMENDS:${PN} = "kernel-module-dm-thin-pool \
+ kernel-module-nf-nat \
+ kernel-module-nf-conntrack-netlink \
+ kernel-module-xt-addrtype \
+ kernel-module-xt-masquerade \
+ kernel-module-xt-nat \
+ "

PROVIDES += "virtual/docker"

--
2.17.1

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
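
Whether an image really carries the modules named on the RRECOMMENDS line can be checked on the built result from the kmod index files. The script below is an added example, not part of the patch or of meta-virtualization, and it inspects installed modules rather than the kernel-cache fragments discussed in the thread; the function names, the package-to-module naming convention and the sample module tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list the kernel-module-* packages whose module is neither
# built into the kernel nor installed as a loadable module.

# Package name -> module name. Assumed Yocto convention: "kernel-module-"
# prefix, lower case, '_' written as '-'.
pkg_to_module() {
    printf '%s\n' "${1#kernel-module-}" | tr '-' '_'
}

# Print "builtin", "module" or "missing" for module $2 under modules dir $1.
module_state() {
    for kind in builtin dep; do
        [ -r "$1/modules.$kind" ] || continue
        # Normalize each entry: drop the dependency list, the directory and
        # the .ko[.xz|.gz|.zst] suffix, then fold case and '-' to '_'.
        if sed -e 's/:.*//' -e 's|.*/||' -e 's/\.ko.*$//' "$1/modules.$kind" |
            tr 'A-Z-' 'a-z_' | grep -qxF "$2"; then
            [ "$kind" = builtin ] && echo builtin || echo module
            return 0
        fi
    done
    echo missing
}

# Print every package in $2.. whose module is missing from modules dir $1.
missing_packages() {
    moddir=$1; shift
    for pkg in "$@"; do
        state=$(module_state "$moddir" "$(pkg_to_module "$pkg")")
        [ "$state" = missing ] && echo "$pkg"
    done
    return 0
}

# Module packages named on the patched RRECOMMENDS line.
DOCKER_PKGS="kernel-module-dm-thin-pool kernel-module-nf-nat
kernel-module-nf-conntrack-netlink kernel-module-xt-addrtype
kernel-module-xt-masquerade kernel-module-xt-nat"

# Constructed sample tree: nf_nat is built in, xt_nat was not built at all.
sample=$(mktemp -d)
printf '%s\n' kernel/net/netfilter/nf_nat.ko > "$sample/modules.builtin"
printf '%s\n' 'kernel/drivers/md/dm-thin-pool.ko.xz: kernel/drivers/md/dm-persistent-data.ko.xz' \
    'kernel/net/netfilter/nf_conntrack_netlink.ko.xz:' \
    'kernel/net/netfilter/xt_addrtype.ko.xz:' \
    'kernel/net/netfilter/xt_MASQUERADE.ko.xz:' > "$sample/modules.dep"
missing_packages "$sample" $DOCKER_PKGS
```

On a target, pass /lib/modules/$(uname -r) as the modules directory instead of the sample tree.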