netavark

allow configuration of the libexec dir

Open nolange opened this issue 2 years ago • 8 comments

For Debian, the podman binaries end up in /usr/lib/podman; this means that aardvark-dns will not be found. While the makefile would allow customization, the path is hardcoded in https://github.com/containers/netavark/blob/4c55e244a83ad18bd1d3a9cb1180943f390245cd/src/main.rs#L49

nolange avatar Feb 02 '23 10:02 nolange

I am happy to review PRs to fix it but I don't think this is a real problem? Podman will always set the cli option to overwrite this with the correct path anyway so it should not cause any issues.

Luap99 avatar Feb 06 '23 15:02 Luap99

At the very least, I got tons of log entries like:

podman[180046]: [INFO netavark::commands::setup] dns disabled because aardvark-dns path does not exists

Don't know a single thing about Rust, so I won't be cooking up any PR.

nolange avatar Feb 06 '23 23:02 nolange

Do you even have aardvark-dns installed? Podman will send the correct path down to netavark assuming it is installed. If you do not want DNS, you need to create the network with podman network create --disable-dns; this will not cause this log entry.

Luap99 avatar Feb 07 '23 12:02 Luap99

Sure, I have aardvark-dns installed, but looking again at the logs, things are more complicated.

The invocation is via REST API, from within a container using the docker.io/gitlab/gitlab-runner image, using a mapped podman service socket. The podman service running directly on the host will generate the log entries.

Do you know how podman resolves the path?

Btw, even if this bug seems invalid, as I still have the issue after changing the path, a better solution might be to just search for aardvark-dns using netavark's program path.

aardvark-dns path does not exists log
Feb 07 13:34:05 server systemd[1061]: Started rootless-netns-b0df4332.scope.
Feb 07 13:34:05 server podman[202186]: [INFO  netavark::firewall] Using iptables firewall driver
Feb 07 13:34:05 server podman[202186]: [INFO  netavark::network::netlink] Adding route (dest: 0.0.0.0/0 ,gw: 10.88.0.1, metric 100)
Feb 07 13:34:05 server kernel: podman0: port 1(veth0) entered blocking state
Feb 07 13:34:05 server kernel: podman0: port 1(veth0) entered disabled state
Feb 07 13:34:05 server kernel: device veth0 entered promiscuous mode
Feb 07 13:34:05 server kernel: podman0: port 1(veth0) entered blocking state
Feb 07 13:34:05 server kernel: podman0: port 1(veth0) entered forwarding state
Feb 07 13:34:05 server kernel: IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
Feb 07 13:34:05 server podman[202186]: [INFO  netavark::commands::setup] dns disabled because aardvark-dns path does not exists
Feb 07 13:34:05 server podman[201496]: time="2023-02-07T13:34:05+01:00" level=info msg="Running conmon under slice user.slice and unitName libpod-conmon-ace6f0546af45eec4cd3ffa4bd1dfac37c18bb733a14881b05edb0b0da6c539d.scope"
Feb 07 13:34:05 server systemd[1061]: Started libpod-conmon-ace6f0546af45eec4cd3ffa4bd1dfac37c18bb733a14881b05edb0b0da6c539d.scope.
Feb 07 13:34:05 server systemd[1061]: Started libpod-ace6f0546af45eec4cd3ffa4bd1dfac37c18bb733a14881b05edb0b0da6c539d.scope - libcrun container.
Feb 07 13:34:05 server podman[201496]: time="2023-02-07T13:34:05+01:00" level=info msg="Got Conmon PID as 202222"
Feb 07 13:34:05 server podman[201496]: 2023-02-07 13:34:05.391401054 +0100 CET m=+13.491431836 container init ace6f0546af45eec4cd3ffa4bd1dfac37c18bb733a14881b05edb0b0da6c539d (image=registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-f86890c6, name=runner-enafmmie-project-7-concurrent-0-1dc4>
Feb 07 13:34:05 server podman[201496]: time="2023-02-07T13:34:05+01:00" level=info msg="Performing HTTP Hijack attach to container ace6f0546af45eec4cd3ffa4bd1dfac37c18bb733a14881b05edb0b0da6c539d"
Feb 07 13:34:05 server podman[201496]: 2023-02-07 13:34:05.391554829 +0100 CET m=+13.491585622 container attach ace6f0546af45eec4cd3ffa4bd1dfac37c18bb733a14881b05edb0b0da6c539d (image=registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-f86890c6, name=runner-enafmmie-project-7-concurrent-0-1d>
Feb 07 13:34:05 server podman[201496]: 2023-02-07 13:34:05.395936991 +0100 CET m=+13.495967773 container start ace6f0546af45eec4cd3ffa4bd1dfac37c18bb733a14881b05edb0b0da6c539d (image=registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-f86890c6, name=runner-enafmmie-project-7-concurrent-0-1dc>
Feb 07 13:34:05 server podman[201496]: @ - - [07/Feb/2023:13:34:05 +0100] "POST /v1.41/containers/ace6f0546af45eec4cd3ffa4bd1dfac37c18bb733a14881b05edb0b0da6c539d/start HTTP/1.1" 204 0 "" "Go-http-client/1.1"

nolange avatar Feb 07 '23 13:02 nolange
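The lookup suggested in the comment above (searching for aardvark-dns relative to netavark's own program path), as an added Rust example that is not netavark's code. `resolve_helper`, `is_executable_file` and `FALLBACK_DIRS` are hypothetical names; the two fallback directories are the ones mentioned in this thread.

```rust
use std::env;
use std::fs;
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

// Helper name from the issue; directories are the two named in this thread.
const HELPER: &str = "aardvark-dns";
const FALLBACK_DIRS: &[&str] = &["/usr/lib/podman", "/usr/local/libexec/podman"];

/// True only for a regular file with at least one execute bit set
/// (symlinks are followed, as with a plain exists() check).
fn is_executable_file(path: &Path) -> bool {
    fs::metadata(path)
        .map(|m| m.is_file() && m.permissions().mode() & 0o111 != 0)
        .unwrap_or(false)
}

/// Hypothetical resolver. An explicit path (for example from a CLI option)
/// wins and is never silently replaced by a different binary; otherwise the
/// directory containing `self_exe` is tried first, then `fallbacks` in order.
fn resolve_helper(explicit: Option<&Path>, self_exe: &Path, fallbacks: &[PathBuf]) -> Option<PathBuf> {
    if let Some(p) = explicit {
        return is_executable_file(p).then(|| p.to_path_buf());
    }
    let sibling_dir = self_exe.parent().map(Path::to_path_buf);
    sibling_dir
        .into_iter()
        .chain(fallbacks.iter().cloned())
        .map(|dir| dir.join(HELPER))
        .find(|candidate| is_executable_file(candidate))
}

fn main() {
    let exe = env::current_exe().expect("cannot determine own path");
    let fallbacks: Vec<PathBuf> = FALLBACK_DIRS.iter().map(PathBuf::from).collect();
    match resolve_helper(None, &exe, &fallbacks) {
        Some(p) => println!("using {}", p.display()),
        // Name every location that was checked so the log line is actionable.
        None => println!("{} not found next to {} or in {:?}", HELPER, exe.display(), FALLBACK_DIRS),
    }
}
```

The search deliberately does not consult `PATH`, so only the program's own directory and the packaged libexec directories can supply the helper.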

Actually, I have similar problems.

strace -f -e trace=file podman --log-level debug run --rm alpine 2>&1 | grep -i dns

gives me

[pid 21812] newfstatat(AT_FDCWD, "/usr/local/libexec/podman/aardvark-dns", {st_mode=S_IFREG|0755, st_size=7119376, ...}, 0) = 0
[pid 21815] statx(AT_FDCWD, "/usr/local/libexec/podman/aardvark-dns", AT_STATX_SYNC_AS_STAT, STATX_ALL, {stx_mask=STATX_ALL|0x1000, stx_attributes=0, stx_mode=S_IFREG|0755, stx_size=7119376, ...}) = 0
[INFO  netavark::commands::setup] dns disabled because aardvark-dns path does not exists
            dns_search_domains: Some(
            dns_server_ips: Some(
[pid 21892] newfstatat(AT_FDCWD, "/usr/local/libexec/podman/aardvark-dns", {st_mode=S_IFREG|0755, st_size=7119376, ...}, 0) = 0
[pid 21896] statx(AT_FDCWD, "/usr/local/libexec/podman/aardvark-dns", AT_STATX_SYNC_AS_STAT, STATX_ALL, {stx_mask=STATX_ALL|0x1000, stx_attributes=0, stx_mode=S_IFREG|0755, stx_size=7119376, ...}) = 0

So it has been located correctly, but it also reports dns disabled because aardvark-dns path does not exists.

aardvark-dns is in place and running

# ldd /usr/local/libexec/podman/aardvark-dns
        linux-vdso.so.1 (0x00007ffdd13fd000)
        libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f3fe34c0000)
        librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f3fe34b6000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f3fe3495000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f3fe307d000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f3fe3490000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3fe2ebd000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f3fe34fc000)

tobwen avatar Feb 14 '23 18:02 tobwen

do you want to propose a PR or prefer we do ....

baude avatar Feb 14 '23 19:02 baude

@baude I would definitely give it a try, but I'm first trying to figure out why the binary isn't being recognized at all.

tobwen avatar Feb 14 '23 19:02 tobwen

gentle ping.

baude avatar Jun 29 '23 14:06 baude