Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

group host mode network did not passed to driver #153

Open
ttys3 opened this issue Jan 23, 2022 · 1 comment
Open

group host mode network did not passed to driver #153

ttys3 opened this issue Jan 23, 2022 · 1 comment
Labels
stage/needs-investigation theme/networking type/enhancement

Comments

@ttys3
Copy link
Contributor

ttys3 commented Jan 23, 2022
edited

demo job:

job "redis-host" {
  datacenters = ["dc1"]

  type = "service"

  group "redis-host" {
    count = 1

    network {
      mode = "host"

      port "redis" {
        to = 6349
      }
    }

    task "redis-host" {
      env {
        PORT    = "${NOMAD_PORT_redis}"
        NODE_IP = "${NOMAD_IP_redis}"
      }

      driver = "podman"

      config {
        image        = "redis"
        cap_add      = ["NET_RAW"]
#    this line is comment out to demo the problem
#      network_mode = "host"
        command      = "redis-server"
        args         = ["--port", "6349"]
      }
    }
  }
}

the container actually runs in a bridged network (the default podman bridge network)

do some digging, I found that,

the condition is we did not set driverConfig.NetworkMode (I want its value passed from group - network - mode ).

if group - network - mode is set to host, nomad will not set cfg.NetworkIsolation, so it is nil
thus the logic goes here

nomad-driver-podman/driver.go

Lines 468 to 483 in 7e3d018

if driverConfig.NetworkMode == "" {
if !rootless {
// should we join the group shared network namespace?
if cfg.NetworkIsolation != nil && cfg.NetworkIsolation.Mode == drivers.NetIsolationModeGroup {
// yes, join the group ns namespace
createOpts.ContainerNetworkConfig.NetNS.NSMode = api.Path
createOpts.ContainerNetworkConfig.NetNS.Value = cfg.NetworkIsolation.Path
} else {
// no, simply attach a rootful container to the default podman bridge
createOpts.ContainerNetworkConfig.NetNS.NSMode = api.Bridge
}
} else {
// slirp4netns is default for rootless podman
createOpts.ContainerNetworkConfig.NetNS.NSMode = api.Slirp
}
} else if driverConfig.NetworkMode == "bridge" {

so here is the problem. when we need host network mode, we need set this both in group - network - mode and driver's config - network_mode.
@ttys3 ttys3 changed the title host mode network problem host mode network did not passed to driver Jan 23, 2022
@ttys3 ttys3 changed the title host mode network did not passed to driver group host mode network did not passed to driver Jan 23, 2022
@ttys3 ttys3 changed the title group host mode network did not passed to driver group host mode network did not passed to driver Jan 23, 2022
@ttys3 ttys3 changed the title group host mode network did not passed to driver group host mode network did not passed to driver Jan 23, 2022
@slonopotamus
Copy link

slonopotamus commented Mar 12, 2024
edited

Hello from 2024, this bug is still here.

I want to note that current behavior contradicts documentation that explicitly says:

By default the task uses the network stack defined in the task group network block.

There is also a confusing part in the same documentation:

If the groups network behavior is also undefined, it will fallback to bridge in rootful mode or slirp4netns for rootless containers.

This doesn't make any sense because you can't have group network undefined, it defaults to host.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stage/needs-investigation theme/networking type/enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@slonopotamus @lgfa29 @ttys3