
No connection between containers in a pod

Open GBBx opened this issue 2 years ago • 2 comments

Describe the bug

I wasn't sure if it's a podman or podman-compose issue so I first reported it here. The problem seems to be that two containers in a pod do not connect because of the --net=... flag in the podman create command.

To Reproduce

Steps to reproduce the behavior:

  1. Have a simple compose file:
version: '3'

services:
  httpd:
    container_name: httpd
    image: docker.io/httpd:latest

  netshoot:
    container_name: netshoot
    image: docker.io/nicolaka/netshoot
    command: ["netstat", "-tulpn"]
  2. Play the compose file:
podman-compose -f compose.yml up
podman-compose version: 1.0.4
['podman', '--version', '']
using podman version: 4.1.1
** excluding:  set()
['podman', 'ps', '--filter', 'label=io.podman.compose.project=podman', '-a', '--format', '{{ index .Labels "io.podman.compose.config-hash"}}']
podman pod create --name=pod_podman --infra=false --share=
46bad108ca3afb89ef2be46f8f9f5206ec19146fd2dcca192d18736938bf1dfc
exit code: 0
['podman', 'network', 'exists', 'podman_default']
['podman', 'network', 'create', '--label', 'io.podman.compose.project=podman', '--label', 'com.docker.compose.project=podman', 'podman_default']
['podman', 'network', 'exists', 'podman_default']
podman create --name=httpd --pod=pod_podman --label io.podman.compose.config-hash=7e3fb67158655c11fe6338193b58fd337ca4424b7628b0703048786c9ea6bb1a --label io.podman.compose.project=podman --label io.podman.compose.version=1.0.4 --label [email protected] --label com.docker.compose.project=podman --label com.docker.compose.project.working_dir=/home/podman --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=httpd --net podman_default --network-alias httpd docker.io/httpd:latest
c27f9a2ea6fef550ce4020de3343a71fd4c62de4dd72a14840757fca718195fc
exit code: 0
['podman', 'network', 'exists', 'podman_default']
podman create --name=netshoot --pod=pod_podman --label io.podman.compose.config-hash=7e3fb67158655c11fe6338193b58fd337ca4424b7628b0703048786c9ea6bb1a --label io.podman.compose.project=podman --label io.podman.compose.version=1.0.4 --label [email protected] --label com.docker.compose.project=podman --label com.docker.compose.project.working_dir=/home/podman --label com.docker.compose.project.config_files=compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=netshoot --net podman_default --network-alias netshoot docker.io/nicolaka/netshoot netstat -tulpn
3b956577a8801ec643ecece8935978a0caf0beb556a9a0855fb4b636d1b43d09
exit code: 0
podman start -a httpd
ERRO[0000] failed to move the rootless netns slirp4netns process to the systemd user.slice: exec: "dbus-launch": executable file not found in $PATH
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.89.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.89.0.2. Set the 'ServerName' directive globally to suppress this message
[Fri Aug 26 13:31:09.554032 2022] [mpm_event:notice] [pid 1:tid 140573509266752] AH00489: Apache/2.4.54 (Unix) configured -- resuming normal operations
[Fri Aug 26 13:31:09.554393 2022] [core:notice] [pid 1:tid 140573509266752] AH00094: Command line: 'httpd -D FOREGROUND'
podman start -a netshoot
[netshoot] | Active Internet connections (only servers)
[netshoot] | Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
exit code: 0

Expected behavior

The second container should show that the httpd process in the first one listens on port 80.

Actual behavior

There is no connection between the containers and the netstat output is empty.

Output

$ podman-compose version: 1.0.4
['podman', '--version', '']
using podman version: 4.1.1
podman-compose version 1.0.4
podman --version
podman version 4.1.1
exit code: 0

Environment:

  • OS: Linux
  • podman version: 4.1.1
  • podman compose version: (git hex)

Additional context

I tried to add various arguments to the "up" command, e.g. --podman-run-args=--net= to cancel the --net=podman_default part but it resulted in two --net arguments. I also tried --pod-args="--net=podman_default" but it did not change the outcome.

Add any other context about the problem here.

GBBx avatar Aug 26 '22 13:08 GBBx

Since you are using podman 4 make sure you got Netavark and Aardvark dns installed

Make sure you don't see CNI in the output of

podman info | grep network

muayyad-alsadi avatar Aug 26 '22 16:08 muayyad-alsadi

Hi @muayyad-alsadi , thanks for the hint. I did have CNI but now I have netavark:

podman info --format {{.Host.NetworkBackend}}
netavark

And it still does not work. My understanding is that it doesn't work because of the --net=podman_default parameter. As mentioned in the other ticket the individual commands work if I remove this part of the command.

GBBx avatar Aug 29 '22 08:08 GBBx

I had such a problem. I noticed that my containers were in the 10.89.0.0/24 network but tried to resolve names from 10.88.2.1 instead of 10.89.0.1. I had to change /etc/containers/containers.conf - default_subnet /24 (16 by default) and pool for other subnets.

[network]
network_backend="netavark"
default_subnet = "10.88.0.0/24"
default_subnet_pools = [
  {"base" = "10.88.2.0/16", "size" = 24},
]

Then systemctl restart podman. Then podman-compose -f file.yml down and remove its network (podman network ls, podman network rm network_from_podman_compose). Then start containers from podman-compose file. You can network inspect ... to check it.

anutator avatar Oct 25 '22 13:10 anutator

https://github.com/containers/podman-compose/issues/541

h25302 avatar Nov 03 '22 14:11 h25302

I understood the one container cannot reference the other as "localhost" or "127.0.0.1" anymore but it works with the container name. Thanks for the help.

GBBx avatar Nov 04 '22 14:11 GBBx
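
The conclusion of the thread, as an added example that is not part of the original issue or of podman-compose: the logged `podman pod create --infra=false --share=` shares no namespaces, and each container joins `podman_default` with its own `--net`, so a peer is reached by its network alias rather than 127.0.0.1. The function names and the shortened sample log are assumptions made for this sketch.

```python
import shlex

# Constructed sample: the three podman commands from the log above,
# with the --label arguments left out for brevity.
SAMPLE_LOG = """\
podman pod create --name=pod_podman --infra=false --share=
podman create --name=httpd --pod=pod_podman --net podman_default --network-alias httpd docker.io/httpd:latest
podman create --name=netshoot --pod=pod_podman --net podman_default --network-alias netshoot docker.io/nicolaka/netshoot netstat -tulpn
"""

def parse_opts(argv):
    """Collect '--key=value' and '--key value' options up to the first
    positional argument (the image). Assumes every option takes a value,
    which holds for the commands podman-compose logged here."""
    opts, i = {}, 0
    while i < len(argv) and argv[i].startswith("--"):
        key, sep, val = argv[i][2:].partition("=")
        if not sep:                      # '--key value' form
            i += 1
            val = argv[i] if i < len(argv) else ""
        opts.setdefault(key, []).append(val)
        i += 1
    return opts

def peer_address(log):
    """Map each container to the address its pod peers must use for it:
    '127.0.0.1' when it shares the pod's network namespace, otherwise its
    network alias (or its name when no alias was given)."""
    pod_shares_net, result = {}, {}
    for line in log.splitlines():
        argv = shlex.split(line)
        if argv[:3] == ["podman", "pod", "create"]:
            o = parse_opts(argv[3:])
            infra = o.get("infra", ["true"])[0] != "false"
            # 'ipc,net,uts' is podman's documented default for --share
            share = o.get("share", ["ipc,net,uts"])[0].split(",")
            pod_shares_net[o["name"][0]] = infra and "net" in share
        elif argv[:2] == ["podman", "create"]:
            o = parse_opts(argv[2:])
            # Assumption: a container given its own --net/--network is
            # treated as not sharing the pod's namespace.
            own_net = "net" in o or "network" in o
            pod = o.get("pod", [None])[0]
            shared = bool(pod_shares_net.get(pod)) and not own_net
            name = o["name"][0]
            result[name] = "127.0.0.1" if shared else o.get("network-alias", [name])[0]
    return result

if __name__ == "__main__":
    print(peer_address(SAMPLE_LOG))
```

Because the two containers have separate network namespaces, `netstat -tulpn` inside netshoot lists only netshoot's own listeners, which is why the output in the report is empty.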