compose does not use pasta network

[az-z]

Describe the bug i can't figure out how to make compose to use the pasta network mode.

please try to reproduce the bug in latest devel branch

To Reproduce Steps to reproduce the behavior: podman-compose version 1.1.0 podman version 4.9.4

Fedora release 39 (Thirty Nine)

I reset the system and specified the default network mode ( is it mode ? or is it a driver? ) to pasta:

[sailtech@dell5000 ~]$  grep cmd ~/.config/containers/containers.conf 
#default_rootless_network_cmd = "slirp4netns"
default_rootless_network_cmd = "pasta"
#network_cmd_path = ""
#network_cmd_options = []

[sailtech@dell5000 ~]$  podman info | grep networkBackend
  networkBackend: netavark
  networkBackendInfo:

[sailtech@dell5000 ~]$ podman run  -d --name=myubi registry.access.redhat.com/ubi8/ubi
[sailtech@dell5000 ~]$ podman inspect --format {{.HostConfig.NetworkMode}} myubi
pasta

[sailtech@dell5000 ~]$ podman-compose --in-pod=yes -f ./podman-compose.yml up
....
[sailtech@dell5000 ~]$ podman inspect --format {{.HostConfig.NetworkMode}} sailtech_restapi_1
bridge

[sailtech@dell5000 ~]$ podman network  ls
NETWORK ID    NAME              DRIVER
2f259bab93aa  podman            bridge
8f1d4e09447a  sailtech_default  bridge

[sailtech@dell5000 ~]$ podman network inspect sailtech_default
[
     {
          "name": "sailtech_default",
          "id": "8f1d4e09447a973e4225ba5262e4405722c480c42dcf70da2934fae2e9c1a91b",
          "driver": "bridge",
          "network_interface": "podman2",
          "created": "2024-06-18T23:07:06.718877522-04:00",
          "subnets": [
               {
                    "subnet": "10.89.1.0/24",
                    "gateway": "10.89.1.1"
               }
          ],
          "ipv6_enabled": false,
          "internal": false,
          "dns_enabled": true,
          "labels": {
               "com.docker.compose.project": "sailtech",
               "io.podman.compose.project": "sailtech"
          },
          "ipam_options": {
               "driver": "host-local"
          }
     }
]

it looks like the compose creates a bridge network ignoring the default setting to pasta.

the addition to compose file :

networks:
   default:
     mode: pasta

has no bearing on the execution result.

Expected behavior i expect the compose to use the (default) pasta network

Actual behavior it doesn't

[jjhidalgar]

Same issue here, I'm having issues creating rootless containers because (i think) of this error.

netavark: code: 3, msg: modprobe: ERROR: could not insert 'ip_tables': Operation not permitted
iptables v1.8.10 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

[jjhidalgar]

I also found that this issue happens with podman as well, without compose

This works:

podman run -d -p 8000:8000/udp ubuntu:latest sleep infinity

This doesn't work:

podman network create infra
podman run --network=infra -d -p 8000:8000/udp ubuntu:latest sleep infinity

Error: netavark: iptables: No such file or directory (os error 2)

[az-z]

Missing package perhaps?

On Tue, Oct 15, 2024, 2:14 PM Jaime Hidalgo García @.***> wrote:

I also found that this issue happens with podman as well, without compose

This works:

podman run -d -p 8000:8000/udp ubuntu:latest sleep infinity

This doesn't work:

podman network create infra podman run --network=infra -d -p 8000:8000/udp ubuntu:latest sleep infinity

Error: netavark: iptables: No such file or directory (os error 2)

— Reply to this email directly, view it on GitHub https://github.com/containers/podman-compose/issues/967#issuecomment-2414699927, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGHHXMK6O6PUGWKXPSEWU3Z3VLQPAVCNFSM6AAAAABJSMG43SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMJUGY4TSOJSG4 . You are receiving this because you authored the thread.Message ID: @.***>

[jjhidalgar]

Well, you are right in that, but it's still confusing.

So, if I configure the system as this using root:

dnf install netavark # this would also install dependencies: iptables-libs, iptables-legacy and iptables-legacy-libs
modprobe ip_tables

Then, it works, but I'm not sure if it's using Pasta

podman inspect 28c2d0e259f2acc96287552db59d7bd788b140fcfb818fe9b17a81cf30c2a9c4 | grep Net
          "NetworkSettings": {
               "Networks": {
                         "NetworkID": "infra",
               "NetworkMode": "bridge",

[az-z]

I could never see "pasta". But all my configurations are working. I have inter comms and inbound connections. I have not tried creating new networks or internetwork connections.

On Tue, Oct 15, 2024, 2:23 PM Jaime Hidalgo García @.***> wrote:

Well, you are right in that, but it's still confusing.

So, if I configure the system as this using root:

dnf install netavark # this would also install dependencies: iptables-libs, iptables-legacy and iptables-legacy-libs modprobe ip_tables

Then, it works, but I'm not sure if it's using Pasta

podman inspect 28c2d0e259f2acc96287552db59d7bd788b140fcfb818fe9b17a81cf30c2a9c4 | grep Net "NetworkSettings": { "Networks": { "NetworkID": "infra", "NetworkMode": "bridge",

— Reply to this email directly, view it on GitHub https://github.com/containers/podman-compose/issues/967#issuecomment-2414717026, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGHHXOXBIFQMVC7T7KIGQTZ3VMRRAVCNFSM6AAAAABJSMG43SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMJUG4YTOMBSGY . You are receiving this because you authored the thread.Message ID: @.***>

[jjhidalgar]

I think that your description is accurate. It's basically working (if you have the right packages, which I was missing in my first experiments -iptables and ip_tables kernel module-), but it doesn't use pasta when creating a network or using compose.

[az-z]

Compose is all another beast. Brace yourself.

On Tue, Oct 15, 2024, 2:28 PM Jaime Hidalgo García @.***> wrote:

I think that your description is accurate. It's basically working (if you have the right packages, which I was missing in my first experiments -iptables and ip_tables kernel module-), but it doesn't use pasta when creating a network or using compose.

— Reply to this email directly, view it on GitHub https://github.com/containers/podman-compose/issues/967#issuecomment-2414726752, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGHHXK7QMGXWXUHLOU6HU3Z3VNFFAVCNFSM6AAAAABJSMG43SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMJUG4ZDMNZVGI . You are receiving this because you authored the thread.Message ID: @.***>

[kavishgr]

I also found that this issue happens with podman as well, without compose

This works:

podman run -d -p 8000:8000/udp ubuntu:latest sleep infinity

This doesn't work:

podman network create infra
podman run --network=infra -d -p 8000:8000/udp ubuntu:latest sleep infinity

Same here. A podman run command uses Pasta, but it doesn't with a custom network. I don't think it's an issue related to Compose. I'm using docker-compose itself (with the Podman socket enabled and the DOCKER_HOST environment variable set). I suspect it relates to a custom network, as Compose also creates a custom network.

[qhaas]

Getting pasta to work with podman-compose is now more important since I've started having dns issues that are present in podman-compose launched containers, but not the same container launched with podman, with a recent update to Rocky 9.

[kavishgr]

Little update: I migrated to quadlets gradually. This wasn't because it's difficult, but more like taking on a project at a time, and it's the best thing I ever did. For those still on Compose, do give quadlet a try.