nerdctl icon indicating copy to clipboard operation
nerdctl copied to clipboard

Published 20 hours ago verified publisher icon containerd

nerdctl system prune --all doesn't work without "firewall" plugin

Open nakamorichi opened this issue 1 year ago • 4 comments

Description

Not exactly sure if this is a bug, but I tried running nerdctl system prune --all in k3s, and got following error:

FATA[0000] needs CNI plugin "firewall" to be installed in CNI_PATH ("/var/lib/rancher/k3s/data/current/bin"), see https://github.com/containernetworking/plugins/releases: exec: "/var/lib/rancher/k3s/data/current/bin/firewall": stat /var/lib/rancher/k3s/data/current/bin/firewall: no such file or directory

nerdctl version output:

WARN[0000] unable to determine buildctl version: exec: "buildctl": executable file not found in $PATH
WARN[0000] unable to determine runc version: exec: "runc": executable file not found in $PATH
Client:
 Version:	v0.22.2
 OS/Arch:	linux/amd64
 Git commit:	2899222cb0715f1e5ffe356d10c3439ee8ee3ba4
 builctl:
  Version:

Server:
 containerd:
  Version:	v1.6.6-k3s1
  GitCommit:
 runc:
  Version:

Steps to reproduce the issue

run nerdctl system prune --all in k3s setup.

Describe the results you received and expected

nerdctl system prune --all should complete without errors.

What version of nerdctl are you using?

v0.22.2

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

No response

Host information

Client: Namespace: k8s.io Debug Mode: false

Server: Server Version: v1.6.6-k3s1 Storage Driver: stargz Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 2 Plugins: Log: fluentd journald json-file Storage: stargz Security Options: apparmor seccomp Profile: default cgroupns Kernel Version: 5.8.0-33-generic Operating System: Ubuntu 20.04 LTS OSType: linux Architecture: x86_64 CPUs: 16 Total Memory: 31.26GiB Name: my-cluster ID: b7ee670e-fe5e-442d-aeeb-3906bc4c1016

nakamorichi avatar Aug 10 '22 05:08 nakamorichi

It looks like missing the default network, CNIEnv will recreate it and the bridge network need a firewall plugin.

junnplus avatar Aug 10 '22 13:08 junnplus

missing default network should not block deleting network

fahedouch avatar Aug 11 '22 19:08 fahedouch

Does #1304 fix this?

yardenshoham avatar Sep 28 '22 06:09 yardenshoham

Still not working with nerdctl 0.23.0:

nerdctl version
WARN[0000] unable to determine buildctl version: exec: "buildctl": executable file not found in $PATH
WARN[0000] unable to determine runc version: exec: "runc": executable file not found in $PATH
Client:
 Version:	v0.23.0
 OS/Arch:	linux/amd64
 Git commit:	660680b7ddfde1d38a66ec1c7f08f8d89ab92c68
 builctl:
  Version:

Server:
 containerd:
  Version:	v1.6.8-k3s1
  GitCommit:
 runc:
  Version:

nerdctl system prune --all
WARNING! This will remove:
  - all stopped containers
  - all networks not used by at least one container
  - all images without at least one container associated to them

Are you sure you want to continue? [y/N] y
Deleted Containers:
c97bf906a123857b0aec0e772b15fb591780dc56b14a05935e30115785b0cfb3
d2d9074b2e88e1315bc24fc3fef4620f6b6c1534ceb04b2a0224382e96b695f1

FATA[0014] needs CNI plugin "firewall" to be installed in CNI_PATH ("/var/lib/rancher/k3s/data/current/bin"), see https://github.com/containernetworking/plugins/releases: exec: "/var/lib/rancher/k3s/data/current/bin/firewall": stat /var/lib/rancher/k3s/data/current/bin/firewall: no such file or directory

nakamorichi avatar Sep 29 '22 00:09 nakamorichi

I just updated nerdctl to version v1.0.0 and i'm getting an error:

sudo nerdctl system prune --all
WARNING! This will remove:
  - all stopped containers
  - all networks not used by at least one container
  - all images without at least one container associated to them

Are you sure you want to continue? [y/N] y
FATA[0002] subnet 10.4.0.0/24 overlaps with other one on this address space

Now my env is broken, any pointers?

dioguerra avatar Oct 25 '22 15:10 dioguerra