How do you create a macvlan network with explicit DNS servers? #19169

Closed
antifuchs opened this issue Jul 8, 2023 · 2 comments · Fixed by #19207

@antifuchs

Issue Description

In pre-netavark podman releases, it was possible to specify --dns=9.9.9.10 when creating a container. In 4.5.0, I can still create the container with the --dns argument, but that has no effect: /etc/resolv.conf is created from the host regardless.

Steps to reproduce the issue

  1. podman network create media-test -d macvlan -o parent=v55toys --ipam-driver=host-local --subnet "10.0.5.0/24" --ip-range 10.0.5.225/28 --gateway "10.0.5.1" --dns 9.9.9.10 fails: "Error: cannot set NetworkDNSServers if DNS is not enabled for the network: invalid argument"
  2. podman network create media-test -d macvlan -o parent=v55toys --ipam-driver=host-local --subnet "10.0.5.0/24" --ip-range 10.0.5.225/28 --gateway "10.0.5.1" without DNS servers succeeds, but then:
  3. podman run --network=media-test --dns=9.9.9.9 --rm ubuntu:latest cat /etc/resolv.conf shows the host's DNS configuration. However:
  4. podman run --dns=9.9.9.9 --rm ubuntu:latest cat /etc/resolv.conf | grep 9.9.9.9 does work.

Describe the results you received

(see repro)

Describe the results you expected

I would have hoped to be able to set DNS servers for all drivers, regardless of whether they have DNS resolution enabled or not.

Even if you can't set the DNS servers on the network, I would have expected the container creation argument to have the desired effect of using the specified servers instead of the host's.

podman info output

plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
  - quay.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 8
    paused: 0
    running: 7
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/lib/docker/podman-storage
  graphRootAllocated: 210241560576
  graphRootUsed: 95477915648
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 86
  runRoot: /home/asf
  transientStore: false
  volumePath: /var/lib/docker/podman-storage/volumes
version:
  APIVersion: 4.5.0
  Built: 315532800
  BuiltTime: Mon Dec 31 19:00:00 1979
  GitCommit: ""
  GoVersion: go1.20.5
  Os: linux
  OsArch: linux/amd64
  Version: 4.5.0

Podman in a container

No

Privileged Or Rootless

Privileged

Upstream Latest Release

Yes

Additional environment details

This is running on a physical machine running NixOS 23.05, with a macvlan I'm hoping to parent to a specific ethernet device.

Additional information

No response

@antifuchs antifuchs added the kind/bug Categorizes issue or PR as related to a bug. label Jul 8, 2023
@Luap99 Luap99 added the network Networking related issue or feature label Jul 10, 2023
@Luap99
Member

Luap99 commented Jul 12, 2023

This seems like a regression to me from when we changed the DNS handling for aardvark-dns to support per-container upstream resolvers.
Because macvlan ignores DNS completely, we do not get any servers back and forgot to fill in the correct ones from the container config.
It should not be too complicated to fix that.

@Luap99 Luap99 self-assigned this Jul 12, 2023
Luap99 added a commit to Luap99/libpod that referenced this issue Jul 12, 2023
The change to use the custom dns server in aardvark-dns caused a
regression here because macvlan networks never returned the nameservers
in netavark and it also does not make sense to do so.

Instead check here if we got any network nameservers, if not we then use
the ones from the config if set otherwise fallback to host servers.

Fixes containers#19169

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
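
The fallback order this commit message describes, as an added Go example that is not part of the thread and not podman's source. The function names and the constructed host resolv.conf content are assumptions, and regressedSelect only models the behaviour reported in the issue.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// parseNameservers extracts "nameserver" entries from resolv.conf content.
func parseNameservers(resolvConf string) []string {
	var out []string
	sc := bufio.NewScanner(strings.NewReader(resolvConf))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) >= 2 && f[0] == "nameserver" {
			out = append(out, f[1])
		}
	}
	return out
}

// regressedSelect models the reported behaviour (hypothetical helper): a macvlan
// network returns no nameservers, and the container's --dns list is never consulted.
func regressedSelect(networkNS, configNS, hostNS []string) []string {
	if len(networkNS) > 0 {
		return networkNS
	}
	return hostNS
}

// fixedSelect follows the order in the commit message (hypothetical helper):
// network nameservers, else the container config, else the host's servers.
func fixedSelect(networkNS, configNS, hostNS []string) []string {
	switch {
	case len(networkNS) > 0:
		return networkNS
	case len(configNS) > 0:
		return configNS
	default:
		return hostNS
	}
}

func main() {
	host := parseNameservers("# constructed sample\nsearch lan\nnameserver 192.0.2.53\n")
	dns := []string{"9.9.9.9"} // value passed as --dns in the issue's repro
	fmt.Println("regressed:", regressedSelect(nil, dns, host))
	fmt.Println("fixed:    ", fixedSelect(nil, dns, host))
}
```

Checking /etc/resolv.conf inside a container on each network driver, as step 3 of the repro does, is the way to confirm which branch a running container actually took.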
@antifuchs
Author

Thanks so much for the ultra quick fix, @Luap99! I can confirm that the nameservers get set on those containers that expect them to be set with cd58306!

ashley-cui pushed a commit to ashley-cui/podman that referenced this issue Jul 13, 2023
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Oct 11, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 11, 2023