[systemd-devel] Broken network in container

arnaud gaboury arnaud.gaboury at gmail.com
Fri Nov 18 18:55:52 UTC 2016


On Fri, Nov 18, 2016 at 6:52 PM arnaud gaboury <arnaud.gaboury at gmail.com>
wrote:

> On Fri, Nov 18, 2016 at 4:03 PM arnaud gaboury <arnaud.gaboury at gmail.com>
> wrote:
>
> On Fri, Nov 18, 2016 at 3:51 PM arnaud gaboury <arnaud.gaboury at gmail.com>
> wrote:
>
> A recent change (upgrade ?) in my setup broke the network in my container.
> Network is OK on the host, but not on the container.
>
> My setup:
>
> Host: Archlinux -
> % systemctl --version
> systemd 231
> +PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
> +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
>
> % ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master br0 state UP group default qlen 1000
>     link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
> 3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
> group default qlen 1000
>     link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
>        valid_lft forever preferred_lft forever
>     inet6 fe80::b40c:ff:fe22:f14a/64 scope link
>        valid_lft forever preferred_lft forever
> 5: ve-poppy@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP group default qlen 1000
>     link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff link-netnsid 0
>     inet 169.254.92.184/16 brd 169.254.255.255 scope link ve-poppy
>        valid_lft forever preferred_lft forever
>     inet 10.0.0.1/28 brd 10.0.0.15 scope global ve-poppy
>        valid_lft forever preferred_lft forever
>     inet 10.0.0.17/28 brd 10.0.0.31 scope global ve-poppy
>        valid_lft forever preferred_lft forever
>     inet6 fe80::c9a:d7ff:fe18:a359/64 scope link
>        valid_lft forever preferred_lft forever
>
> % networkctl status
> ●        State: routable
>        Address: 192.168.1.87 on br0
>                 172.17.0.1 on docker0
>                 10.0.0.1 on ve-poppy
>                 10.0.0.17 on ve-poppy
>                 169.254.92.184 on ve-poppy
>                 fe80::b40c:ff:fe22:f14a on br0
>                 fe80::c9a:d7ff:fe18:a359 on ve-poppy
>        Gateway: 192.168.1.254 (Technicolor) on br0
>            DNS: 192.168.1.254
>
>
> ------------------------------------------------------------------------------
> Container: Fedora 24 -
> % systemctl --version
> systemd 229
> +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
> +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
>
>  % ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: host0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP group default qlen 1000
>     link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
>     inet 192.168.1.94/24 brd 192.168.1.255 scope global host0
>        valid_lft forever preferred_lft forever
>     inet6 fe80::c7f:c3ff:fefb:25b1/64 scope link
>        valid_lft forever preferred_lft forever
>
> % networkctl status
> ●        State: routable
>        Address: 192.168.1.94 on host0
>                 fe80::c7f:c3ff:fefb:25b1 on host0
>        Gateway: 192.168.1.254 on host0
>            DNS: 192.168.1.254
>
> # ping 8.8.8.8
>
> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
> From 192.168.1.94 icmp_seq=1 Destination Host Unreachable
> From 192.168.1.94 icmp_seq=2 Destination Host Unreachable
> From 192.168.1.94 icmp_seq=3 Destination Host Unreachable
>
> --- 8.8.8.8 ping statistics ---
> 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4008ms
> pipe 4
> -------------------------------------------------------------
>
> Container is started at boot this way: systemd-nspawn@poppy
>
> Network is managed on both OS only by systemd-networkd
>
> /etc/systemd/network/bridge.netdev
> ------------------------------------------------------
> [NetDev]
> Name=br0
> Kind=bridge
>
> /etc/systemd/network/bridge.network
> ----------------------------------------------------------
> [Match]
> Name=br0
>
> [Network]
> Address=192.168.1.87/24
> Description="Dole - Poppy bridge network"
> Gateway=192.168.1.254
> DNS=192.168.1.254
>
> /etc/systemd/network/eth.network
> --------------------------------------------------
> [Match]
> Name=enp7s0
>
> [Network]
> Description="Dole - Static network with bridge"
> Bridge=br0
>
>
> EDIT: if it can help:
>
> Container:
>  % systemctl status systemd-networkd.service
> ● systemd-networkd.service - Network Service
>    Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service;
> enabled; vendor preset: disabled)
>    Active: active (running) since Fri 2016-11-18 15:14:32 CET; 45min ago
>      Docs: man:systemd-networkd.service(8)
>  Main PID: 41 (systemd-network)
>    Status: "Processing requests..."
>    CGroup: /machine.slice/systemd-nspawn@poppy.service
> /system.slice/systemd-networkd.service
>            └─41 /usr/lib/systemd/systemd-networkd
>
> Nov 18 15:14:32 thetradinghall.com systemd[1]: Starting Network Service...
> Nov 18 15:14:32 thetradinghall.com systemd-networkd[41]: host0: IPv6
> enabled for interface: Success
> Nov 18 15:14:32 thetradinghall.com systemd-networkd[41]: Enumeration
> completed
> Nov 18 15:14:32 thetradinghall.com systemd-networkd[41]: host0: Gained
> carrier
> Nov 18 15:14:32 thetradinghall.com systemd[1]: Started Network Service.
> Nov 18 15:14:33 thetradinghall.com systemd-networkd[41]: host0: Gained
> IPv6LL
> Nov 18 15:14:45 thetradinghall.com systemd-networkd[41]: host0: Starting
> DHCPv6 client after NDisc timeout
> Nov 18 15:14:45 thetradinghall.com systemd-networkd[41]: host0: Configured
>
> Host:
> % systemctl status systemd-networkd.service
> ● systemd-networkd.service - Network Service
>    Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service;
> enabled; vendor preset: enabled)
>    Active: active (running) since Fri 2016-11-18 13:28:10 CET; 2h 30min ago
>      Docs: man:systemd-networkd.service(8)
>  Main PID: 2174 (systemd-network)
>    Status: "Processing requests..."
>     Tasks: 1 (limit: 4915)
>    Memory: 2.0M
>       CPU: 200ms
>    CGroup: /system.slice/systemd-networkd.service
>            └─2174 /usr/lib/systemd/systemd-networkd
>
> Nov 18 13:28:25 hortensia systemd-networkd[2174]: ve-poppy: Configured
> Nov 18 13:28:26 hortensia systemd-networkd[2174]: br0: Configured
> Nov 18 15:02:35 hortensia systemd-networkd[2174]: ve-poppy: Lost carrier
> Nov 18 15:02:40 hortensia systemd-networkd[2174]: ve-poppy: Gained carrier
> Nov 18 15:02:46 hortensia systemd-networkd[2174]: ve-poppy: Configured
> Nov 18 15:10:19 hortensia systemd-networkd[2174]: ve-poppy: Lost carrier
> Nov 18 15:14:31 hortensia systemd-networkd[2174]: ve-poppy: IPv6 enabled
> for interface: Success
> Nov 18 15:14:32 hortensia systemd-networkd[2174]: ve-poppy: Gained carrier
> Nov 18 15:14:33 hortensia systemd-networkd[2174]: ve-poppy: Gained IPv6LL
> Nov 18 15:14:46 hortensia systemd-networkd[2174]: ve-poppy: Configured
>
>
>
> NEW EDIT: I found this in journalctl:
>
> systemd-networkd enp7s0 could not set bridge vlan: operation not permited
>                                       enp7s0 failed to assign VLANs to
> bridge port: operation not permited
>                                        enp7s0 could not append VLANs :
> operation not permited
>
> same lines for br0.
>
> I already have some permission issues on the container following some
> wrong UID when copying files from host to container.
> See this issue[0] for details
>
>
I found one entry in the systemd GitHub issues with similar error messages [1],
but couldn't find any solution.

>
> [0] https://github.com/systemd/systemd/issues/4078#issuecomment-249446811
>
[1] https://github.com/systemd/systemd/issues/3876


> May someone help me in debugging my issue, as I can't see any reason for
> this sudden issue.
>
>
>
>