blog/post/libvirt-podman-netavark-follow-up/index.html

56 lines
20 KiB
HTML
Raw Normal View History

<!doctype html><html lang=en-us data-theme><head><meta charset=utf-8><meta name=HandheldFriendly content="True"><meta name=viewport content="width=device-width,initial-scale=1"><meta name=referrer content="no-referrer-when-downgrade"><title>Libvirt & Podman: follow up for Podman 4.0 and netavark - 1533B4dC0.de</title><meta name=description content="Joining libvirt VMs and containers with Podman 4.0's new network stack netavark"><link rel=icon type=image/x-icon href=https://www.1533b4dc0.de/favicon.ico><link rel=apple-touch-icon-precomposed href=https://www.1533b4dc0.de/favicon.png><style>body{visibility:hidden;opacity:0}</style><noscript><style>body{visibility:visible;opacity:1}</style></noscript><link rel=stylesheet href=https://www.1533b4dc0.de/css/style.min.e4dd69a921886f06d1a0e2bf835aa4fdced2d03b6f83804e6ae146caac8882bb.css integrity="sha256-5N1pqSGIbwbRoOK/g1qk/c7S0Dtvg4BOauFGyqyIgrs="><script src=https://www.1533b4dc0.de/js/script.min.a65afe903825231554d9b55b073eb144da4ccf2d2823b216dcbc6cc656c9de76.js type=text/javascript integrity="sha256-plr+kDglIxVU2bVbBz6xRNpMzy0oI7IW3LxsxlbJ3nY="></script><meta property="og:title" content="Libvirt & Podman: follow up for Podman 4.0 and netavark"><meta property="og:description" content="Joining libvirt VMs and containers with Podman 4.0's new network stack netavark"><meta property="og:type" content="article"><meta property="og:url" content="https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/"><meta property="article:section" content="post"><meta property="article:published_time" content="2022-02-24T00:00:00+00:00"><meta property="article:modified_time" content="2022-02-24T00:00:00+00:00"><meta name=twitter:card content="summary"><meta name=twitter:title content="Libvirt & Podman: follow up for Podman 4.0 and netavark"><meta name=twitter:description content="Joining libvirt VMs and containers with Podman 4.0's new network stack netavark"></head><body><a class=skip-main href=#main>Skip to main content</a><div class=container><header class=common-header><div class=header-top><h1 class=site-title><a href=/>1533B4dC0.de</a></h1><ul class=social-icons><li><a href=https://github.com/baez90 title=Github rel=me><span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path fill="currentcolor" d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6.0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6.0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3.0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1.0-6.2-.3-40.4-.3-61.4.0.0-70 15-84.7-29.8.0.0-11.4-29.1-27.8-36.6.0.0-22.9-15.7 1.6-15.4.0.0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5.0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9.0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4.0 33.7-.3 75.4-.3 83.6.0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6.0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9.0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg></span></a></li><li><a href=https://www.linkedin.com/in/peter-s-kurfer title=Linkedin rel=me><span class=inline-svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path fill="currentcolor" d="M416 32H31.9C14.3 32 0 46.5.0 64.3v383.4C0 465.5 14.3 480 31.9 480H416c17.6.0 32-14.5 32-32.3V64.3c0-17.8-14.4-32.3-32-32.3zM135.4 416H69V202.2h66.5V416zm-33.2-243c-21.3.0-38.5-17.3-38.5-38.5S80.9 96 102.2 96c21.2.0 38.5 17.3 38.5 38.5.0 21.3-17.2 38.5-38.5 38.5zm
<a href=https://www.1533b4dc0.de/projects/ title>Projects</a>
<a href=https://www.1533b4dc0.de/tags/ title>Tags</a>
<a href=https://www.1533b4dc0.de/posts/ title>Archive</a></nav></header><main id=main tabindex=-1><article class="post h-entry"><div class=post-header><header><h1 class="p-name post-title">Libvirt & Podman: follow up for Podman 4.0 and netavark</h1></header></div><div class="content e-content"><p>This is a follow up post to <a href=/post/libvirt-podman-network-mesh/>&ldquo;Joining libvirt <abbr title="Virtual Machine">VM</abbr>s and Podman container in a common network&rdquo;</a>.
Therefore I won&rsquo;t cover all the basics again and how to configure libvirt because nothing&rsquo;s changed on that side.</p><h2 id=podman-40>Podman 4.0
<span><a href=#podman-40><svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 007.54.54l3-3a5 5 0 00-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 00-7.54-.54l-3 3a5 5 0 007.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg></a></span></h2><p>Podman 4.0 comes with a completely new network stack replacing the previous <a href=https://www.cni.dev/><abbr title="Container Network Interface">CNI</abbr></a> stack:</p><ul><li><a href=https://github.com/containers/netavark>Netavark</a></li><li><a href=https://github.com/containers/aardvark-dns>Aardvark</a></li></ul><p>There are <a href=https://www.redhat.com/sysadmin/podman-new-network-stack>great resources</a> that explain the backgrounds of both tools and I don&rsquo;t think I could describe it better than the folks implementing it 😄 so if you&rsquo;re interested have a look at the aforementioned article or the <a href=https://podman.io/releases/2022/02/22/podman-release-v4.0.0.html>release post</a>.</p><h2 id=netavark-and-libvirt>Netavark and libvirt
<span><a href=#netavark-and-libvirt><svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 007.54.54l3-3a5 5 0 00-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 00-7.54-.54l-3 3a5 5 0 007.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg></a></span></h2><p>After reading the announcement I was most curious if I would be able to configure an equivalent setup for Netavark like I described it with Podman 3.x and CNI.</p><p><strong>Short answer:</strong> yes, it is possible! 🎉</p><p><em>&ldquo;But how?!&rdquo;</em> do you ask?
Well it&rsquo;s pretty much equivalent to the previous solution: you need to create a new Podman network I once more named it <em>&rsquo;libvirt&rsquo;</em>.
To get an idea how the config should look like and where it should placed.
I reused the CLI call from my previous article:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash><span style=display:flex><span>podman network create <span style=color:#ae81ff>\
</span></span></span><span style=display:flex><span><span style=color:#ae81ff></span> --disable-dns <span style=color:#ae81ff>\
</span></span></span><span style=display:flex><span><span style=color:#ae81ff></span> --internal <span style=color:#ae81ff>\
</span></span></span><span style=display:flex><span><span style=color:#ae81ff></span> --gateway 10.10.2.37 <span style=color:#ae81ff>\
</span></span></span><span style=display:flex><span><span style=color:#ae81ff></span> --ip-range 10.10.2.160/29 <span style=color:#ae81ff>\
</span></span></span><span style=display:flex><span><span style=color:#ae81ff></span> --subnet 10.10.2.0/24 <span style=color:#ae81ff>\
</span></span></span><span style=display:flex><span><span style=color:#ae81ff></span> libvirt
</span></span></code></pre></div><p>The configuration files are now obviously resided in <code>/etc/containers/networks/</code> and my (already modified) <code>libvirt.json</code> now looks like so:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-json data-lang=json><span style=display:flex><span>{
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;name&#34;</span>: <span style=color:#e6db74>&#34;libvirt&#34;</span>,
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;id&#34;</span>: <span style=color:#e6db74>&#34;0489e6e643b97003c47b27a9ce0a6f6a8dce7d5f08329603e79a0ba48ad5285f&#34;</span>,
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;driver&#34;</span>: <span style=color:#e6db74>&#34;bridge&#34;</span>,
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;network_interface&#34;</span>: <span style=color:#e6db74>&#34;conbr0&#34;</span>,
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;created&#34;</span>: <span style=color:#e6db74>&#34;2022-04-05T09:18:48.198960971+01:00&#34;</span>,
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;subnets&#34;</span>: [
</span></span><span style=display:flex><span> {
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;subnet&#34;</span>: <span style=color:#e6db74>&#34;10.10.1.0/24&#34;</span>,
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;gateway&#34;</span>: <span style=color:#e6db74>&#34;10.10.1.42&#34;</span>,
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;lease_range&#34;</span>: {
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;start_ip&#34;</span>: <span style=color:#e6db74>&#34;10.10.1.1&#34;</span>,
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;end_ip&#34;</span>: <span style=color:#e6db74>&#34;10.10.1.10&#34;</span>
</span></span><span style=display:flex><span> }
</span></span><span style=display:flex><span> }
</span></span><span style=display:flex><span> ],
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;ipv6_enabled&#34;</span>: <span style=color:#66d9ef>false</span>,
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;internal&#34;</span>: <span style=color:#66d9ef>false</span>,
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;dns_enabled&#34;</span>: <span style=color:#66d9ef>false</span>,
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;ipam_options&#34;</span>: {
</span></span><span style=display:flex><span> <span style=color:#f92672>&#34;driver&#34;</span>: <span style=color:#e6db74>&#34;host-local&#34;</span>
</span></span><span style=display:flex><span> }
</span></span><span style=display:flex><span>}
</span></span></code></pre></div><p><em>Side note: I&rsquo;m really happy they dropped the <code>.conflist</code> extension because this way most editors offer really helpful syntax highlighting in the first place!</em></p><p>Note that <code>"internal": false</code> is mandatory. Otherwise I wasn&rsquo;t able to establish communication between VM and container.
I also disabled the Aardvark <abbr title="Domain Name System">DNS</abbr> server and IPv6 support because I don&rsquo;t need it and I also don&rsquo;t expect much benefit of it due to the fact that it can&rsquo;t be aware of the VMs present in the network same as <code>dnsmasq</code> won&rsquo;t be able to resolve containers in the libvirt network.</p><p>Having this in place I was again able to reuse the CLI command from my previous article:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash><span style=display:flex><span>podman run <span style=color:#ae81ff>\
</span></span></span><span style=display:flex><span><span style=color:#ae81ff></span> --rm <span style=color:#ae81ff>\
</span></span></span><span style=display:flex><span><span style=color:#ae81ff></span> -d <span style=color:#ae81ff>\
</span></span></span><span style=display:flex><span><span style=color:#ae81ff></span> --name nginx <span style=color:#ae81ff>\
</span></span></span><span style=display:flex><span><span style=color:#ae81ff></span> --network libvirt <span style=color:#ae81ff>\
</span></span></span><span style=display:flex><span><span style=color:#ae81ff></span> --ip 10.10.1.151 <span style=color:#ae81ff>\
</span></span></span><span style=display:flex><span><span style=color:#ae81ff></span> docker.io/nginx:alpine
</span></span></code></pre></div><p>to create a Nginx container that can be reached from a VM.</p><h2 id=troubleshooting>Troubleshooting
<span><a href=#troubleshooting><svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 007.54.54l3-3a5 5 0 00-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 00-7.54-.54l-3 3a5 5 0 007.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg></a></span></h2><p>Sometimes the communication between container and VM fails - don&rsquo;t know if I restarted the libvirt network previously or somehow fucked up the container network configuration but a:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-bash data-lang=bash><span style=display:flex><span>podman network reload &lt;container ID/container name&gt;
</span></span></code></pre></div><p>often resolved the problem.</p><h2 id=final-thoughts>Final thoughts
<span><a href=#final-thoughts><svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 007.54.54l3-3a5 5 0 00-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 00-7.54-.54l-3 3a5 5 0 007.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg></a></span></h2><p>I haven&rsquo;t used <em>Netavark</em> and <em>Aardvark</em> a lot, yet.
But I already noticed a few <strong>really awesome</strong> things:</p><ul><li>the <code>docker-compose</code> support seems to be a lot better now because containers are actually able to talk to each other by <em>service name</em>, something I wasn&rsquo;t able to configure properly in Podman 3.x - at least not rootless.</li><li>with <em>Netavark</em> all the Podman configuration is now unified within <code>/etc/containers</code> or <code>$HOME/.config/containers</code> respectively</li><li>the new configuration format is a little bit cleaner the the previous one due to the fact that <em>Netavark</em> does not support plugins and with a <code>.json</code> extension editors do help a lot more without requiring extra &ldquo;configuration&rdquo;</li></ul></div><div class=post-info><div class="post-date dt-published">2022-02-24</div><a class="post-hidden-url u-url" href=https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/>https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/</a>
<a href=https://www.1533b4dc0.de/ class="p-name p-author post-hidden-author h-card" rel=me>Peter Kurfer</a><div class=post-taxonomies><ul class=post-tags><li><a href=https://www.1533b4dc0.de/tags/podman/>#podman</a></li><li><a href=https://www.1533b4dc0.de/tags/libvirt/>#libvirt</a></li><li><a href=https://www.1533b4dc0.de/tags/netavark/>#netavark</a></li></ul></div></div></article></main><footer class=common-footer><div class=common-footer-bottom><div class=copyright><p>© Peter Kurfer, 2022<br>Powered by <a target=_blank rel="noopener noreferrer" href=https://gohugo.io/>Hugo</a>, theme <a target=_blank rel="noopener noreferrer" href=https://github.com/mitrichius/hugo-theme-anubis>Anubis</a>.<br><script src=https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js></script>
<script>mermaid.initialize({startOnLoad:!0,securityLevel:"loose"})</script></p></div><button class=theme-switcher>
Dark theme</button>
<script>const STORAGE_KEY="user-color-scheme",defaultTheme="auto";let currentTheme,switchButton,autoDefinedScheme=window.matchMedia("(prefers-color-scheme: dark)");const autoChangeScheme=e=>{currentTheme=e.matches?"dark":"light",document.documentElement.setAttribute("data-theme",currentTheme),changeButtonText()};document.addEventListener("DOMContentLoaded",function(){switchButton=document.querySelector(".theme-switcher"),currentTheme=detectCurrentScheme(),currentTheme=="dark"&&document.documentElement.setAttribute("data-theme","dark"),currentTheme=="auto"&&(autoChangeScheme(autoDefinedScheme),autoDefinedScheme.addListener(autoChangeScheme)),switchButton&&(changeButtonText(),switchButton.addEventListener("click",switchTheme,!1)),showContent()});function detectCurrentScheme(){return localStorage.getItem(STORAGE_KEY)?localStorage.getItem(STORAGE_KEY):defaultTheme?defaultTheme:window.matchMedia?window.matchMedia("(prefers-color-scheme: dark)").matches?"dark":"light":"light"}function changeButtonText(e){e&&(e.textContent=currentTheme=="dark"?"Light theme":"Dark theme")}function switchTheme(){currentTheme=="dark"?(localStorage.setItem(STORAGE_KEY,"light"),document.documentElement.setAttribute("data-theme","light"),currentTheme="light"):(localStorage.setItem(STORAGE_KEY,"dark"),document.documentElement.setAttribute("data-theme","dark"),currentTheme="dark"),changeButtonText()}function showContent(){document.body.style.visibility="visible",document.body.style.opacity=1}</script></div><p class="h-card vcard"><a href=https://www.1533b4dc0.de/ class="p-name u-url url fn" rel=me>Peter Kurfer</a></p></footer></div></body></html>