host.containers.internal not accessible on podman native #24260

Closed
axel7083 opened this issue Oct 14, 2024 · 2 comments
Labels: kind/bug, locked - please file new issue/PR

Comments

@axel7083

Issue Description

Using podman native on linux, I am not able to use host.containers.internal:<exposed-container-port> to ping other containers.

If I am using a qemu machine, this is working well.

I've not found much documentation on host.containers.internal so this might be the expected behaviour.

Steps to reproduce the issue

  1. Start an nginx container: podman run --name nginx-demo -d -p 8080:80 nginx
  2. Run: podman run --rm docker.io/curlimages/curl -v host.containers.internal:8080
  3. Assert logs: Could not resolve host: host.containers.internal

Describe the results you received

curl: (6) Could not resolve host: host.containers.internal

Describe the results you expected

<h1>Welcome to nginx!</h1>

podman info output

host:
  arch: amd64
  buildahVersion: 1.37.3
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.12-2.fc40.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: '
  cpuUtilization:
    idlePercent: 91.54
    systemPercent: 0.96
    userPercent: 7.5
  cpus: 16
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: workstation
    version: "40"
  eventLogger: journald
  freeLocks: 2026
  hostname: Host-005
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
  kernel: 6.10.12-200.fc40.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 22461300736
  memTotal: 67111100416
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.12.2-2.fc40.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.12.2
    package: netavark-1.12.2-1.fc40.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.12.2
  ociRuntime:
    name: crun
    package: crun-1.17-1.fc40.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.17
      commit: 000fa0d4eeed8938301f3bcf8206405315bc1017
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240906.g6b38f07-1.fc40.x86_64
    version: |
      pasta 0^20240906.g6b38f07-1.fc40.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
      https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 8589930496
  swapTotal: 8589930496
  uptime: 21h 43m 18.00s (Approximately 0.88 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
store:
  configFile: /home/axel7083/.config/containers/storage.conf
  containerStore:
    number: 21
    paused: 0
    running: 1
    stopped: 20
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/axel7083/.local/share/containers/storage
  graphRootAllocated: 1022505254912
  graphRootUsed: 324359106560
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 362
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/axel7083/.local/share/containers/storage/volumes
version:
  APIVersion: 5.2.3
  Built: 1727136000
  BuiltTime: Tue Sep 24 02:00:00 2024
  GitCommit: ""
  GoVersion: go1.22.7
  Os: linux
  OsArch: linux/amd64
  Version: 5.2.3

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

No

Additional environment details

podman native linux

Additional information

Works fine with qemu

  1. Start webserver: podman --connection=podman-machine-default run --name nginx-demo-qemu -d -p 8080:80 nginx
  2. Run: podman --connection=podman-machine-default run --rm docker.io/curlimages/curl -v host.containers.internal:8080
  3. Assert: <h1>Welcome to nginx!</h1>

Luap99 commented Oct 14, 2024

You need a second host IP with pasta, or wait for podman v5.3 (#24133 (comment)), or use --network slirp4netns for now.

There is some more discussion in #22653
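
The reply above turned into a diagnostic, added here as an example (not part of the issue or the Podman project): it reads `podman info` output and reports whether the host is rootless with pasta on a version before 5.3. Assumptions: the names `hci_check` and `sample_info` are hypothetical, the sample is a constructed excerpt, an empty `slirp4netns.executable` is taken to mean the binary is not installed, and the check cannot tell whether a second host IP exists.

```shell
#!/bin/sh
# Added example (not from the issue): read `podman info` YAML on stdin and report
# whether the host matches the case described in the maintainer's reply.
hci_check() {
    info=$(cat)
    field() {  # first scalar value for an exact key name, quotes stripped
        printf '%s\n' "$info" | sed -n "s/^ *$1: *//p" | head -n 1 | tr -d "\"'"
    }
    rootless=$(field rootless)
    netcmd=$(field rootlessNetworkCmd)
    version=$(field Version)
    # Value of the `executable:` line that follows the `slirp4netns:` key.
    slirp=$(printf '%s\n' "$info" | awk '
        /^ *slirp4netns:/ { seen = 1; next }
        seen && /executable:/ { sub(/.*executable: */, ""); gsub(/"/, ""); print; exit }')

    major=${version%%.*}; rest=${version#*.}; minor=${rest%%.*}
    case "$major$minor" in
        ''|*[!0-9]*) echo "unknown: could not parse podman version '$version'"; return 0 ;;
    esac

    if [ "$rootless" != "true" ] || [ "$netcmd" != "pasta" ]; then
        echo "no-match: rootless=$rootless rootlessNetworkCmd=$netcmd"
    elif [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 3 ]; }; then
        echo "no-match: podman $version is 5.3 or later"
    elif [ -n "$slirp" ]; then
        echo "match: podman $version with pasta; --network slirp4netns is available ($slirp)"
    else
        echo "match: podman $version with pasta; slirp4netns not installed, add a second host IP or upgrade to 5.3"
    fi
}

sample_info() {  # constructed excerpt shaped like the `podman info` output in this issue
    cat <<'EOF'
host:
  rootlessNetworkCmd: pasta
  security:
    rootless: true
  slirp4netns:
    executable: ""
version:
  APIVersion: 5.2.3
  Version: 5.2.3
EOF
}

sample_info | hci_check
```

On a real host, pipe `podman info` into `hci_check` instead of the sample.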

@Luap99 closed this as not planned Oct 14, 2024
@axel7083

Thanks @Luap99 for the fast reply and the details 👍

@stale-locking-app bot added the "locked - please file new issue/PR" label Jan 13, 2025
@stale-locking-app bot locked as resolved and limited conversation to collaborators Jan 13, 2025