Page MenuHomeVyOS Platform
Create Task
Maniphest T5829

Can't Add IPv6 Address to Containers
Closed, ResolvedPublicBUG
Actions

Description

Any time I try and add a static IPv6 address to a container I get a failure. I'm able to add the subnet to the network definition, but can't add an address to a container. The build was built from source by me today Dec 15 2023 with latest commits.

[edit]
vyos@vyosstage# set container name pihole network cni address 'fd4a:5e89:ff2d:b287::2'
[edit]
vyos@vyosstage# commit
[ container ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Contact us using the online help desk if you have a subscription:
  https://support.vyos.io/
- Make sure you are running the latest version of VyOS available at:
  https://vyos.net/get/
- Consult the community forum to see how to handle this issue:
  https://forum.vyos.io
- Join us on Slack where our users exchange help and advice:
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report time:      2023-12-16 00:11:58
Image version:    VyOS 1.5-rolling-202312152352
Release train:    current

Built by:         myemail
Built on:         Fri 15 Dec 2023 23:52 UTC
Build UUID:       5fafdd0a-ad03-4cbd-9f2c-b3bb37090427
Build commit ID:  fcdb64e6c4eec8

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    127179ef-7477-4897-9568-57e6f8cdbdff

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/container.py", line 487, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/container.py", line 460, in apply
    cmd(f'systemctl restart vyos-container-{name}.service')
  File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 155, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: systemctl restart vyos-container-pihole.service
returned:
exit code: 1

noteworthy:
cmd 'systemctl restart vyos-container-pihole.service'
returned (out):

returned (err):
Job for vyos-container-pihole.service failed because the control process exited with error code.
See "systemctl status vyos-container-pihole.service" and "journalctl -xeu vyos-container-pihole.service" for details.

[[container]] failed
Commit failed
[edit]

Details

Version
VyOS 1.5-rolling-202312152352
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Related Objects
Search...

Event Timeline

jbhardman created this task.Dec 16 2023, 12:15 AM
danhusan subscribed.Dec 16 2023, 9:25 AM
Viacheslav subscribed.Dec 16 2023, 10:31 AM

Is it possible with native podman commands?

pasik subscribed.Dec 16 2023, 10:41 AM
jbhardman added a comment.Dec 16 2023, 4:55 PM

Yes, if I remove the container, and then as root create the container using the exact same podman command that VyOS had used, but just add the --ip6 definition, then the container is created and responds on that ip.

jochristian subscribed.Dec 17 2023, 9:40 AM
Viacheslav changed the task status from Open to In progress.Dec 18 2023, 9:59 AM
Viacheslav claimed this task.
Viacheslav added a comment.Dec 18 2023, 10:40 AM

Adding a new container with both addresses and networks in one commit works fine.

set container name alp01 image 'alpine'
set container name alp01 network NET01 address '10.0.0.12'
set container name alp01 network NET01 address '2001:db8::12'
set container network NET01 prefix '10.0.0.0/24'
set container network NET01 prefix '2001:db8::/64'

The issue could be reproduced if networks were changed, i.e, initial config

set container name alp01 image 'alpine'
set container name alp01 network NET01 address '10.0.0.12'
set container network NET01 prefix '10.0.0.0/24'
commit

And you are adding a new prefix to this network and attaching it to the container

set container network NET01 prefix '2001:db8::/64'
set container name alp01 network NET01 address '2001:db8::12'
commit

The log

Dec 18 12:35:24 r4 podman[14458]: Error: IPAM error: requested ip address 10.0.0.12 is already allocated to container ID f9d31cc81a7091f67e6405752b16e05453ca6f4e12db67caa36d58dcc0a0f759
Dec 18 12:35:24 r4 systemd[1]: vyos-container-alp01.service: Control process exited, code=exited, status=126/n/a
Dec 18 12:35:24 r4 podman[14479]: 2023-12-18 12:35:24.55701853 +0200 EET m=+0.037531158 container remove 744ad248e0f8e53aff7373202c7cf826aa8230e062292a7c761548881c92bd31 (image=docker.io/library/alpine:latest, name=alp01, PODMAN_SYSTEMD_UNIT=vyos-container-alp01.service)
Dec 18 12:35:24 r4 podman[14479]: 744ad248e0f8e53aff7373202c7cf826aa8230e062292a7c761548881c92bd31
Dec 18 12:35:24 r4 systemd[1]: vyos-container-alp01.service: Failed with result 'exit-code'.
jbhardman added a comment.EditedDec 18 2023, 5:56 PM

In my case, the container is created and running using IPv4 only. The network it is in has a defined prefix for IPv4 and IPv6. Then, the only thing I try to do is add an IPv6 address to the container. The network it is connected to already has the IPv6 prefix defined. That is when it dies.

Viacheslav added a comment.Dec 18 2023, 6:51 PM

Yes it should trigger to recreate container but it doesn’t get a dictionary key for recreating

Viacheslav added a comment.Dec 19 2023, 4:00 PM

Firstly, this bug should be fixed T5837

c-po added a parent task: T5837: vyos.configdict.node_changed does not return keys per adding .Dec 23 2023, 9:49 AM
c-po subscribed.EditedDec 24 2023, 11:43 AM

Sometimes container is not cleaned properly, see also https://github.com/containers/podman/issues/15708

c-po added a project: VyOS 1.4 Sagitta.Dec 24 2023, 12:48 PM
c-po mentioned this in rVYOSONEXe70ca62c474b: container: T5829: verify container network used supports the given AFI.Dec 28 2023, 12:35 PM
c-po mentioned this in rVYOSONEX405cc66041d8: container: T5829: fix base key "container" re-use in for loop.
c-po added a parent task: T5867: Upgrade podman to Debian Trixie version 4.7.x.Dec 28 2023, 3:06 PM
c-po added a comment.Dec 28 2023, 3:09 PM

Upstream error appears to be resolved in 4.7.2+ds1-2

c-po claimed this task.Dec 28 2023, 3:09 PM
Restricted Repository Identity mentioned this in rVYOSONEXf8fc5b40b952: Merge pull request #2697 from c-po/sagitta-T5829.Dec 28 2023, 9:28 PM
c-po mentioned this in rVYOSONEX02bb7e09e1bb: container: T5829: fix base key "container" re-use in for loop.Dec 28 2023, 9:28 PM
c-po mentioned this in rVYOSONEX410d66f5f087: container: T5829: verify container network used supports the given AFI.
c-po added a comment.Dec 29 2023, 7:05 PM

Fixed via podman update - upstream bug

c-po closed this task as Resolved.Dec 29 2023, 7:05 PM
c-po moved this task from Open to Finished on the VyOS 1.5 Circinus board.
c-po moved this task from Open to Finished on the VyOS 1.4 Sagitta board.