deploy: dcb4daa7eb
parent
f76c85793f
commit
0bb8a74fab
15 changed files with 549 additions and 20 deletions
File diff suppressed because one or more lines are too long
96
index.xml
|
@ -24,14 +24,104 @@ Originally I used GitPitch but then the author decided to go with a commercial l
|
|||
The commercial license made sense when I was working at the university but after that it didn’t really make sense any more.
|
||||
So I decided to replace it with a small custom CLI rendering the markdown into a static HTML file and serving it as a local web server (basically).</p>
|
||||
<p>Later on I refined it more and more.
|
||||
Currently I&rsquo;m working on a rewrite which adds e.g. 1st class support for <a href="https://mermaid-js.github.io">mermaid-js</a> diagrams in slides.</p></description></item><item><title>Libvirt & Podman: network 'mesh'</title><link>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</guid><description><p><em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the CNI driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&rsquo;ll give <strong>Netavark</strong> a try, too!</em></p>
|
||||
<p>When playing around with containers and VMs one might ask if it&rsquo;s possible to bring VMs and containers into a common network segment.
|
||||
Currently I&rsquo;m working on a rewrite which adds e.g. 1st class support for <a href="https://mermaid-js.github.io">mermaid-js</a> diagrams in slides.</p></description></item><item><title>Libvirt & Podman: follow up for Podman 4.0 and netavark</title><link>https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/</guid><description><p>This is a follow up post to <a href="https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/">&ldquo;Joining libvirt <abbr title="Virtual Machine">VM</abbr>s and Podman container in a common network&rdquo;</a>.
|
||||
Therefore I won&rsquo;t cover all the basics again and how to configure libvirt because nothing&rsquo;s changed on that side.</p>
|
||||
<h2 id="podman-40" >Podman 4.0
|
||||
<span>
|
||||
<a href="#podman-40">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>Podman 4.0 comes with a completely new network stack replacing the previous <a href="https://www.cni.dev/"><abbr title="Container Network Interface">CNI</abbr></a> stack:</p>
|
||||
<ul>
|
||||
<li><a href="https://github.com/containers/netavark">Netavark</a></li>
|
||||
<li><a href="https://github.com/containers/aardvark-dns">Aardvark</a></li>
|
||||
</ul>
|
||||
<p>There are <a href="https://www.redhat.com/sysadmin/podman-new-network-stack">great resources</a> that explain the backgrounds of both tools and I don&rsquo;t think I could describe it better than the folks implementing it 😄 so if you&rsquo;re interested have a look at the aforementioned article or the <a href="https://podman.io/releases/2022/02/22/podman-release-v4.0.0.html">release post</a>.</p>
|
||||
<h2 id="netavark-and-libvirt" >Netavark and libvirt
|
||||
<span>
|
||||
<a href="#netavark-and-libvirt">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>After reading the announcement I was most curious if I would be able to configure an equivalent setup for Netavark like I described it with Podman 3.x and CNI.</p>
|
||||
<p><strong>Short answer:</strong> yes, it is possible! 🎉</p>
|
||||
<p><em>&ldquo;But how?!&rdquo;</em> do you ask?
|
||||
Well it&rsquo;s pretty much equivalent to the previous solution: you need to create a new Podman network I once more named it <em>&rsquo;libvirt&rsquo;</em>.
|
||||
To get an idea how the config should look like and where it should placed.
|
||||
I reused the CLI call from my previous article:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman network create <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --disable-dns <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --internal <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --gateway 10.10.2.37 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --ip-range 10.10.2.160/29 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --subnet 10.10.2.0/24 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> libvirt
|
||||
</span></span></code></pre></div><p>The configuration files are now obviously resided in <code>/etc/containers/networks/</code> and my (already modified) <code>libvirt.json</code> now looks like so:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;name&#34;</span>: <span style="color:#e6db74">&#34;libvirt&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;id&#34;</span>: <span style="color:#e6db74">&#34;0489e6e643b97003c47b27a9ce0a6f6a8dce7d5f08329603e79a0ba48ad5285f&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;driver&#34;</span>: <span style="color:#e6db74">&#34;bridge&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;network_interface&#34;</span>: <span style="color:#e6db74">&#34;conbr0&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;created&#34;</span>: <span style="color:#e6db74">&#34;2022-04-05T09:18:48.198960971+01:00&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;subnets&#34;</span>: [
|
||||
</span></span><span style="display:flex;"><span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;subnet&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.0/24&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;gateway&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.42&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;lease_range&#34;</span>: {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;start_ip&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.1&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;end_ip&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.10&#34;</span>
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span> ],
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;ipv6_enabled&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;internal&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;dns_enabled&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;ipam_options&#34;</span>: {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;driver&#34;</span>: <span style="color:#e6db74">&#34;host-local&#34;</span>
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span>}
|
||||
</span></span></code></pre></div><p><em>Side note: I&rsquo;m really happy they dropped the <code>.conflist</code> extension because this way most editors offer really helpful syntax highlighting in the first place!</em></p>
|
||||
<p>Note that <code>&quot;internal&quot;: false</code> is mandatory. Otherwise I wasn&rsquo;t able to establish communication between VM and container.
|
||||
I also disabled the Aardvark <abbr title="Domain Name System">DNS</abbr> server and IPv6 support because I don&rsquo;t need it and I also don&rsquo;t expect much benefit of it due to the fact that it can&rsquo;t be aware of the VMs present in the network same as <code>dnsmasq</code> won&rsquo;t be able to resolve containers in the libvirt network.</p>
|
||||
<p>Having this in place I was again able to reuse the CLI command from my previous article:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman run <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --rm <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> -d <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --name nginx <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --network libvirt <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --ip 10.10.1.151 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> docker.io/nginx:alpine
|
||||
</span></span></code></pre></div><p>to create a Nginx container that can be reached from a VM.</p>
|
||||
<h2 id="troubleshooting" >Troubleshooting
|
||||
<span>
|
||||
<a href="#troubleshooting">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>Sometimes the communication between container and VM fails - don&rsquo;t know if I restarted the libvirt network previously or somehow fucked up the container network configuration but a:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman network reload &lt;container ID/container name&gt;
|
||||
</span></span></code></pre></div><p>often resolved the problem.</p>
|
||||
<h2 id="final-thoughts" >Final thoughts
|
||||
<span>
|
||||
<a href="#final-thoughts">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>I haven&rsquo;t used <em>Netavark</em> and <em>Aardvark</em> a lot, yet.
|
||||
But I already noticed a few <strong>really awesome</strong> things:</p>
|
||||
<ul>
|
||||
<li>the <code>docker-compose</code> support seems to be a lot better now because containers are actually able to talk to each other by <em>service name</em>, something I wasn&rsquo;t able to configure properly in Podman 3.x - at least not rootless.</li>
|
||||
<li>with <em>Netavark</em> all the Podman configuration is now unified within <code>/etc/containers</code> or <code>$HOME/.config/containers</code> respectively</li>
|
||||
<li>the new configuration format is a little bit cleaner the the previous one due to the fact that <em>Netavark</em> does not support plugins and with a <code>.json</code> extension editors do help a lot more without requiring extra &ldquo;configuration&rdquo;</li>
|
||||
</ul></description></item><item><title>Libvirt & Podman: network 'mesh'</title><link>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</guid><description><p><em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the <abbr title="Container Network Interface">CNI</abbr> driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&rsquo;ll give <strong>Netavark</strong> a try, too!</em></p>
|
||||
<p>When playing around with containers and <abbr title="Virtual Machine">VM</abbr>s one might ask if it&rsquo;s possible to bring VMs and containers into a common network segment.
|
||||
I see &lsquo;why the hell would I need a VM anyway when already having containers&rsquo; or something similar I almost see on your face 😜</p>
|
||||
<p>Well 1st of all, not everything can be solved with containers.
|
||||
For instance windows applications can be run in Windows containers but I&rsquo;m not aware of how to run a Windows container on my Linux desktop.</p>
|
||||
<p>But also in pure Linux environments there are cases where a VM is probably a better fit for the problem.
|
||||
As you might know I&rsquo;m a bit of network 🤓 and I love playing around with &lsquo;weird&rsquo; stuff almost no one else does even think about if not forced to.
|
||||
So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &ldquo;why&rsquo;s Netflix on the TV not working?!&rdquo; 😄 or also if you try to implement your own &lsquo;firewall&rsquo; with DNAT support (stay tuned - post&rsquo;s following!).</p>
|
||||
So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &ldquo;why&rsquo;s Netflix on the TV not working?!&rdquo; 😄 or also if you try to implement your own &lsquo;firewall&rsquo; with <abbr title="Destination network address translation">DNAT</abbr> support (stay tuned - post&rsquo;s following!).</p>
|
||||
<h2 id="part-1-libvirt-preparation" >Part 1: Libvirt preparation
|
||||
<span>
|
||||
<a href="#part-1-libvirt-preparation">
|
||||
|
|
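Review bot: the `podman network create` example and the `libvirt.json` shown right after it do not describe the same network. The command passes `--internal`, `--gateway 10.10.2.37`, `--ip-range 10.10.2.160/29` and `--subnet 10.10.2.0/24`, while the JSON has `"subnet": "10.10.1.0/24"`, `"gateway": "10.10.1.42"`, a lease range of 10.10.1.1 to 10.10.1.10 and `"internal": false`, which the next paragraph calls mandatory. A reader who runs the command as printed ends up with the internal network the post says does not work. Either drop `--internal` and align the addresses in the command, or state explicitly which fields were edited by hand after creation, and mention that turning `internal` off changes how isolated the container network is. The later `--ip 10.10.1.151` sits outside the lease range shown in the JSON; one sentence saying that a static address outside the range is intended would remove the doubt.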
File diff suppressed because one or more lines are too long
|
@ -1,11 +1,101 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Posts on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/post/</link><description>1533B4dC0.de (Posts)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 24 Feb 2022 00:00:00 +0000</lastBuildDate><atom:link href="https://www.1533b4dc0.de/post/index.xml" rel="self" type="application/rss+xml"/><item><title>Libvirt & Podman: network 'mesh'</title><link>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</guid><description><p><em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the CNI driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&rsquo;ll give <strong>Netavark</strong> a try, too!</em></p>
|
||||
<p>When playing around with containers and VMs one might ask if it&rsquo;s possible to bring VMs and containers into a common network segment.
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Posts on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/post/</link><description>1533B4dC0.de (Posts)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 24 Feb 2022 00:00:00 +0000</lastBuildDate><atom:link href="https://www.1533b4dc0.de/post/index.xml" rel="self" type="application/rss+xml"/><item><title>Libvirt & Podman: follow up for Podman 4.0 and netavark</title><link>https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/</guid><description><p>This is a follow up post to <a href="https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/">&ldquo;Joining libvirt <abbr title="Virtual Machine">VM</abbr>s and Podman container in a common network&rdquo;</a>.
|
||||
Therefore I won&rsquo;t cover all the basics again and how to configure libvirt because nothing&rsquo;s changed on that side.</p>
|
||||
<h2 id="podman-40" >Podman 4.0
|
||||
<span>
|
||||
<a href="#podman-40">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>Podman 4.0 comes with a completely new network stack replacing the previous <a href="https://www.cni.dev/"><abbr title="Container Network Interface">CNI</abbr></a> stack:</p>
|
||||
<ul>
|
||||
<li><a href="https://github.com/containers/netavark">Netavark</a></li>
|
||||
<li><a href="https://github.com/containers/aardvark-dns">Aardvark</a></li>
|
||||
</ul>
|
||||
<p>There are <a href="https://www.redhat.com/sysadmin/podman-new-network-stack">great resources</a> that explain the backgrounds of both tools and I don&rsquo;t think I could describe it better than the folks implementing it 😄 so if you&rsquo;re interested have a look at the aforementioned article or the <a href="https://podman.io/releases/2022/02/22/podman-release-v4.0.0.html">release post</a>.</p>
|
||||
<h2 id="netavark-and-libvirt" >Netavark and libvirt
|
||||
<span>
|
||||
<a href="#netavark-and-libvirt">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>After reading the announcement I was most curious if I would be able to configure an equivalent setup for Netavark like I described it with Podman 3.x and CNI.</p>
|
||||
<p><strong>Short answer:</strong> yes, it is possible! 🎉</p>
|
||||
<p><em>&ldquo;But how?!&rdquo;</em> do you ask?
|
||||
Well it&rsquo;s pretty much equivalent to the previous solution: you need to create a new Podman network I once more named it <em>&rsquo;libvirt&rsquo;</em>.
|
||||
To get an idea how the config should look like and where it should placed.
|
||||
I reused the CLI call from my previous article:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman network create <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --disable-dns <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --internal <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --gateway 10.10.2.37 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --ip-range 10.10.2.160/29 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --subnet 10.10.2.0/24 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> libvirt
|
||||
</span></span></code></pre></div><p>The configuration files are now obviously resided in <code>/etc/containers/networks/</code> and my (already modified) <code>libvirt.json</code> now looks like so:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;name&#34;</span>: <span style="color:#e6db74">&#34;libvirt&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;id&#34;</span>: <span style="color:#e6db74">&#34;0489e6e643b97003c47b27a9ce0a6f6a8dce7d5f08329603e79a0ba48ad5285f&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;driver&#34;</span>: <span style="color:#e6db74">&#34;bridge&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;network_interface&#34;</span>: <span style="color:#e6db74">&#34;conbr0&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;created&#34;</span>: <span style="color:#e6db74">&#34;2022-04-05T09:18:48.198960971+01:00&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;subnets&#34;</span>: [
|
||||
</span></span><span style="display:flex;"><span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;subnet&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.0/24&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;gateway&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.42&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;lease_range&#34;</span>: {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;start_ip&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.1&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;end_ip&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.10&#34;</span>
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span> ],
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;ipv6_enabled&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;internal&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;dns_enabled&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;ipam_options&#34;</span>: {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;driver&#34;</span>: <span style="color:#e6db74">&#34;host-local&#34;</span>
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span>}
|
||||
</span></span></code></pre></div><p><em>Side note: I&rsquo;m really happy they dropped the <code>.conflist</code> extension because this way most editors offer really helpful syntax highlighting in the first place!</em></p>
|
||||
<p>Note that <code>&quot;internal&quot;: false</code> is mandatory. Otherwise I wasn&rsquo;t able to establish communication between VM and container.
|
||||
I also disabled the Aardvark <abbr title="Domain Name System">DNS</abbr> server and IPv6 support because I don&rsquo;t need it and I also don&rsquo;t expect much benefit of it due to the fact that it can&rsquo;t be aware of the VMs present in the network same as <code>dnsmasq</code> won&rsquo;t be able to resolve containers in the libvirt network.</p>
|
||||
<p>Having this in place I was again able to reuse the CLI command from my previous article:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman run <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --rm <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> -d <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --name nginx <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --network libvirt <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --ip 10.10.1.151 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> docker.io/nginx:alpine
|
||||
</span></span></code></pre></div><p>to create a Nginx container that can be reached from a VM.</p>
|
||||
<h2 id="troubleshooting" >Troubleshooting
|
||||
<span>
|
||||
<a href="#troubleshooting">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>Sometimes the communication between container and VM fails - don&rsquo;t know if I restarted the libvirt network previously or somehow fucked up the container network configuration but a:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman network reload &lt;container ID/container name&gt;
|
||||
</span></span></code></pre></div><p>often resolved the problem.</p>
|
||||
<h2 id="final-thoughts" >Final thoughts
|
||||
<span>
|
||||
<a href="#final-thoughts">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>I haven&rsquo;t used <em>Netavark</em> and <em>Aardvark</em> a lot, yet.
|
||||
But I already noticed a few <strong>really awesome</strong> things:</p>
|
||||
<ul>
|
||||
<li>the <code>docker-compose</code> support seems to be a lot better now because containers are actually able to talk to each other by <em>service name</em>, something I wasn&rsquo;t able to configure properly in Podman 3.x - at least not rootless.</li>
|
||||
<li>with <em>Netavark</em> all the Podman configuration is now unified within <code>/etc/containers</code> or <code>$HOME/.config/containers</code> respectively</li>
|
||||
<li>the new configuration format is a little bit cleaner the the previous one due to the fact that <em>Netavark</em> does not support plugins and with a <code>.json</code> extension editors do help a lot more without requiring extra &ldquo;configuration&rdquo;</li>
|
||||
</ul></description></item><item><title>Libvirt & Podman: network 'mesh'</title><link>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</guid><description><p><em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the <abbr title="Container Network Interface">CNI</abbr> driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&rsquo;ll give <strong>Netavark</strong> a try, too!</em></p>
|
||||
<p>When playing around with containers and <abbr title="Virtual Machine">VM</abbr>s one might ask if it&rsquo;s possible to bring VMs and containers into a common network segment.
|
||||
I see &lsquo;why the hell would I need a VM anyway when already having containers&rsquo; or something similar I almost see on your face 😜</p>
|
||||
<p>Well 1st of all, not everything can be solved with containers.
|
||||
For instance windows applications can be run in Windows containers but I&rsquo;m not aware of how to run a Windows container on my Linux desktop.</p>
|
||||
<p>But also in pure Linux environments there are cases where a VM is probably a better fit for the problem.
|
||||
As you might know I&rsquo;m a bit of network 🤓 and I love playing around with &lsquo;weird&rsquo; stuff almost no one else does even think about if not forced to.
|
||||
So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &ldquo;why&rsquo;s Netflix on the TV not working?!&rdquo; 😄 or also if you try to implement your own &lsquo;firewall&rsquo; with DNAT support (stay tuned - post&rsquo;s following!).</p>
|
||||
So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &ldquo;why&rsquo;s Netflix on the TV not working?!&rdquo; 😄 or also if you try to implement your own &lsquo;firewall&rsquo; with <abbr title="Destination network address translation">DNAT</abbr> support (stay tuned - post&rsquo;s following!).</p>
|
||||
<h2 id="part-1-libvirt-preparation" >Part 1: Libvirt preparation
|
||||
<span>
|
||||
<a href="#part-1-libvirt-preparation">
|
||||
|
|
56
post/libvirt-podman-netavark-follow-up/index.html
Normal file
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -1 +1 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>https://www.1533b4dc0.de/about/</loc></url><url><loc>https://www.1533b4dc0.de/projects/</loc></url><url><loc>https://www.1533b4dc0.de/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/tags/libvirt/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/tags/podman/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/post/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/tags/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/categories/</loc></url><url><loc>https://www.1533b4dc0.de/tags/index/</loc></url></urlset>
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>https://www.1533b4dc0.de/about/</loc></url><url><loc>https://www.1533b4dc0.de/projects/</loc></url><url><loc>https://www.1533b4dc0.de/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/tags/libvirt/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/tags/netavark/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/tags/podman/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/post/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/tags/</loc><lastmod>2022-02-24T00:00:00+00:00</lastmod></url><url><loc>https://www.1533b4dc0.de/categories/</loc></url><url><loc>https://www.1533b4dc0.de/tags/index/</loc></url></urlset>
|
|
@ -3,8 +3,9 @@
|
|||
<a href=https://www.1533b4dc0.de/tags/ title>Tags</a>
|
||||
<a href=https://www.1533b4dc0.de/posts/ title>Archive</a></nav></header><main id=main tabindex=-1><div class=index-content></div><h1>Tags</h1><ul class=terms><li><a href=/tags/index/>index</a>
|
||||
(1)</li><li><a href=/tags/libvirt/>libvirt</a>
|
||||
(2)</li><li><a href=/tags/netavark/>netavark</a>
|
||||
(1)</li><li><a href=/tags/podman/>podman</a>
|
||||
(1)</li></ul></main><footer class=common-footer><div class=common-footer-bottom><div class=copyright><p>© Peter Kurfer, 2022<br>Powered by <a target=_blank rel="noopener noreferrer" href=https://gohugo.io/>Hugo</a>, theme <a target=_blank rel="noopener noreferrer" href=https://github.com/mitrichius/hugo-theme-anubis>Anubis</a>.<br><script src=https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js></script>
|
||||
(2)</li></ul></main><footer class=common-footer><div class=common-footer-bottom><div class=copyright><p>© Peter Kurfer, 2022<br>Powered by <a target=_blank rel="noopener noreferrer" href=https://gohugo.io/>Hugo</a>, theme <a target=_blank rel="noopener noreferrer" href=https://github.com/mitrichius/hugo-theme-anubis>Anubis</a>.<br><script src=https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js></script>
|
||||
<script>mermaid.initialize({startOnLoad:!0,securityLevel:"loose"})</script></p></div><button class=theme-switcher>
|
||||
Dark theme</button>
|
||||
<script>const STORAGE_KEY="user-color-scheme",defaultTheme="auto";let currentTheme,switchButton,autoDefinedScheme=window.matchMedia("(prefers-color-scheme: dark)");const autoChangeScheme=e=>{currentTheme=e.matches?"dark":"light",document.documentElement.setAttribute("data-theme",currentTheme),changeButtonText()};document.addEventListener("DOMContentLoaded",function(){switchButton=document.querySelector(".theme-switcher"),currentTheme=detectCurrentScheme(),currentTheme=="dark"&&document.documentElement.setAttribute("data-theme","dark"),currentTheme=="auto"&&(autoChangeScheme(autoDefinedScheme),autoDefinedScheme.addListener(autoChangeScheme)),switchButton&&(changeButtonText(),switchButton.addEventListener("click",switchTheme,!1)),showContent()});function detectCurrentScheme(){return localStorage.getItem(STORAGE_KEY)?localStorage.getItem(STORAGE_KEY):defaultTheme?defaultTheme:window.matchMedia?window.matchMedia("(prefers-color-scheme: dark)").matches?"dark":"light":"light"}function changeButtonText(e){e&&(e.textContent=currentTheme=="dark"?"Light theme":"Dark theme")}function switchTheme(){currentTheme=="dark"?(localStorage.setItem(STORAGE_KEY,"light"),document.documentElement.setAttribute("data-theme","light"),currentTheme="light"):(localStorage.setItem(STORAGE_KEY,"dark"),document.documentElement.setAttribute("data-theme","dark"),currentTheme="dark"),changeButtonText()}function showContent(){document.body.style.visibility="visible",document.body.style.opacity=1}</script></div><p class="h-card vcard"><a href=https://www.1533b4dc0.de/ class="p-name u-url url fn" rel=me>Peter Kurfer</a></p></footer></div></body></html>
|
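Review bot: the footer line rewritten in this hunk loads `https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js` with no version in the URL and no `integrity` attribute, and the following context line initialises it with `securityLevel:"loose"`. An unpinned CDN script runs whatever the CDN serves at that path on every page of the site, so pin an exact mermaid version and add `integrity` plus `crossorigin=anonymous`, or serve the file from the site itself. `securityLevel:"loose"` permits HTML in diagram text and click handlers, so unless a diagram on the site needs that, go back to mermaid's default `strict`. This file looks like generated output, so the change belongs in the site's footer template rather than here.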
File diff suppressed because one or more lines are too long
|
@ -1,11 +1,101 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>libvirt on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/tags/libvirt/</link><description>1533B4dC0.de (libvirt)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 24 Feb 2022 00:00:00 +0000</lastBuildDate><atom:link href="https://www.1533b4dc0.de/tags/libvirt/index.xml" rel="self" type="application/rss+xml"/><item><title>Libvirt & Podman: network 'mesh'</title><link>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</guid><description><p><em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the CNI driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&rsquo;ll give <strong>Netavark</strong> a try, too!</em></p>
|
||||
<p>When playing around with containers and VMs one might ask if it&rsquo;s possible to bring VMs and containers into a common network segment.
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>libvirt on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/tags/libvirt/</link><description>1533B4dC0.de (libvirt)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 24 Feb 2022 00:00:00 +0000</lastBuildDate><atom:link href="https://www.1533b4dc0.de/tags/libvirt/index.xml" rel="self" type="application/rss+xml"/><item><title>Libvirt & Podman: follow up for Podman 4.0 and netavark</title><link>https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/</guid><description><p>This is a follow up post to <a href="https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/">&ldquo;Joining libvirt <abbr title="Virtual Machine">VM</abbr>s and Podman container in a common network&rdquo;</a>.
|
||||
Therefore I won&rsquo;t cover all the basics again and how to configure libvirt because nothing&rsquo;s changed on that side.</p>
|
||||
<h2 id="podman-40" >Podman 4.0
|
||||
<span>
|
||||
<a href="#podman-40">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>Podman 4.0 comes with a completely new network stack replacing the previous <a href="https://www.cni.dev/"><abbr title="Container Network Interface">CNI</abbr></a> stack:</p>
|
||||
<ul>
|
||||
<li><a href="https://github.com/containers/netavark">Netavark</a></li>
|
||||
<li><a href="https://github.com/containers/aardvark-dns">Aardvark</a></li>
|
||||
</ul>
|
||||
<p>There are <a href="https://www.redhat.com/sysadmin/podman-new-network-stack">great resources</a> that explain the backgrounds of both tools and I don&rsquo;t think I could describe it better than the folks implementing it 😄 so if you&rsquo;re interested have a look at the aforementioned article or the <a href="https://podman.io/releases/2022/02/22/podman-release-v4.0.0.html">release post</a>.</p>
|
||||
<h2 id="netavark-and-libvirt" >Netavark and libvirt
|
||||
<span>
|
||||
<a href="#netavark-and-libvirt">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>After reading the announcement I was most curious if I would be able to configure an equivalent setup for Netavark like I described it with Podman 3.x and CNI.</p>
|
||||
<p><strong>Short answer:</strong> yes, it is possible! 🎉</p>
|
||||
<p><em>&ldquo;But how?!&rdquo;</em> do you ask?
|
||||
Well it&rsquo;s pretty much equivalent to the previous solution: you need to create a new Podman network I once more named it <em>&rsquo;libvirt&rsquo;</em>.
|
||||
To get an idea how the config should look like and where it should placed.
|
||||
I reused the CLI call from my previous article:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman network create <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --disable-dns <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --internal <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --gateway 10.10.2.37 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --ip-range 10.10.2.160/29 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --subnet 10.10.2.0/24 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> libvirt
|
||||
</span></span></code></pre></div><p>The configuration files are now obviously resided in <code>/etc/containers/networks/</code> and my (already modified) <code>libvirt.json</code> now looks like so:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;name&#34;</span>: <span style="color:#e6db74">&#34;libvirt&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;id&#34;</span>: <span style="color:#e6db74">&#34;0489e6e643b97003c47b27a9ce0a6f6a8dce7d5f08329603e79a0ba48ad5285f&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;driver&#34;</span>: <span style="color:#e6db74">&#34;bridge&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;network_interface&#34;</span>: <span style="color:#e6db74">&#34;conbr0&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;created&#34;</span>: <span style="color:#e6db74">&#34;2022-04-05T09:18:48.198960971+01:00&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;subnets&#34;</span>: [
|
||||
</span></span><span style="display:flex;"><span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;subnet&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.0/24&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;gateway&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.42&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;lease_range&#34;</span>: {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;start_ip&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.1&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;end_ip&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.10&#34;</span>
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span> ],
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;ipv6_enabled&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;internal&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;dns_enabled&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;ipam_options&#34;</span>: {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;driver&#34;</span>: <span style="color:#e6db74">&#34;host-local&#34;</span>
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span>}
|
||||
</span></span></code></pre></div><p><em>Side note: I&rsquo;m really happy they dropped the <code>.conflist</code> extension because this way most editors offer really helpful syntax highlighting in the first place!</em></p>
|
||||
<p>Note that <code>&quot;internal&quot;: false</code> is mandatory. Otherwise I wasn&rsquo;t able to establish communication between VM and container.
|
||||
I also disabled the Aardvark <abbr title="Domain Name System">DNS</abbr> server and IPv6 support because I don&rsquo;t need it and I also don&rsquo;t expect much benefit of it due to the fact that it can&rsquo;t be aware of the VMs present in the network same as <code>dnsmasq</code> won&rsquo;t be able to resolve containers in the libvirt network.</p>
|
||||
<p>Having this in place I was again able to reuse the CLI command from my previous article:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman run <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --rm <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> -d <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --name nginx <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --network libvirt <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --ip 10.10.1.151 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> docker.io/nginx:alpine
|
||||
</span></span></code></pre></div><p>to create a Nginx container that can be reached from a VM.</p>
|
||||
<h2 id="troubleshooting" >Troubleshooting
|
||||
<span>
|
||||
<a href="#troubleshooting">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>Sometimes the communication between container and VM fails - don&rsquo;t know if I restarted the libvirt network previously or somehow fucked up the container network configuration but a:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman network reload &lt;container ID/container name&gt;
|
||||
</span></span></code></pre></div><p>often resolved the problem.</p>
|
||||
<h2 id="final-thoughts" >Final thoughts
|
||||
<span>
|
||||
<a href="#final-thoughts">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>I haven&rsquo;t used <em>Netavark</em> and <em>Aardvark</em> a lot, yet.
|
||||
But I already noticed a few <strong>really awesome</strong> things:</p>
|
||||
<ul>
|
||||
<li>the <code>docker-compose</code> support seems to be a lot better now because containers are actually able to talk to each other by <em>service name</em>, something I wasn&rsquo;t able to configure properly in Podman 3.x - at least not rootless.</li>
|
||||
<li>with <em>Netavark</em> all the Podman configuration is now unified within <code>/etc/containers</code> or <code>$HOME/.config/containers</code> respectively</li>
|
||||
<li>the new configuration format is a little bit cleaner the the previous one due to the fact that <em>Netavark</em> does not support plugins and with a <code>.json</code> extension editors do help a lot more without requiring extra &ldquo;configuration&rdquo;</li>
|
||||
</ul></description></item><item><title>Libvirt & Podman: network 'mesh'</title><link>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</guid><description><p><em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the <abbr title="Container Network Interface">CNI</abbr> driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&rsquo;ll give <strong>Netavark</strong> a try, too!</em></p>
|
||||
<p>When playing around with containers and <abbr title="Virtual Machine">VM</abbr>s one might ask if it&rsquo;s possible to bring VMs and containers into a common network segment.
|
||||
I see &lsquo;why the hell would I need a VM anyway when already having containers&rsquo; or something similar I almost see on your face 😜</p>
|
||||
<p>Well 1st of all, not everything can be solved with containers.
|
||||
For instance windows applications can be run in Windows containers but I&rsquo;m not aware of how to run a Windows container on my Linux desktop.</p>
|
||||
<p>But also in pure Linux environments there are cases where a VM is probably a better fit for the problem.
|
||||
As you might know I&rsquo;m a bit of network 🤓 and I love playing around with &lsquo;weird&rsquo; stuff almost no one else does even think about if not forced to.
|
||||
So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &ldquo;why&rsquo;s Netflix on the TV not working?!&rdquo; 😄 or also if you try to implement your own &lsquo;firewall&rsquo; with DNAT support (stay tuned - post&rsquo;s following!).</p>
|
||||
So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &ldquo;why&rsquo;s Netflix on the TV not working?!&rdquo; 😄 or also if you try to implement your own &lsquo;firewall&rsquo; with <abbr title="Destination network address translation">DNAT</abbr> support (stay tuned - post&rsquo;s following!).</p>
|
||||
<h2 id="part-1-libvirt-preparation" >Part 1: Libvirt preparation
|
||||
<span>
|
||||
<a href="#part-1-libvirt-preparation">
|
||||
|
|
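Review bot: the `podman network create` call and the `libvirt.json` shown right after it in the new item do not describe the same network. The command passes `--internal` with `--subnet 10.10.2.0/24`, `--gateway 10.10.2.37` and `--ip-range 10.10.2.160/29`, while the file has `"internal": false`, subnet `10.10.1.0/24`, gateway `10.10.1.42` and a lease range of `10.10.1.1` to `10.10.1.10`, and the later `podman run` uses `--ip 10.10.1.151`. The text only calls the file "already modified"; please state which fields were edited by hand after creation, in particular that `--internal` had to become `"internal": false`, and what dropping the internal flag means for the isolation that the older post in this feed gives as its motivation. Separately, the new item's `pubDate` is Thu, 24 Feb 2022, identical to the older post, while the config's `created` field reads 2022-04-05, so the date on the source post looks copied and should be checked.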
10
tags/netavark/index.html
Normal file
File diff suppressed because one or more lines are too long
91
tags/netavark/index.xml
Normal file
|
@ -0,0 +1,91 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>netavark on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/tags/netavark/</link><description>1533B4dC0.de (netavark)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 24 Feb 2022 00:00:00 +0000</lastBuildDate><atom:link href="https://www.1533b4dc0.de/tags/netavark/index.xml" rel="self" type="application/rss+xml"/><item><title>Libvirt & Podman: follow up for Podman 4.0 and netavark</title><link>https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/</guid><description><p>This is a follow up post to <a href="https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/">&ldquo;Joining libvirt <abbr title="Virtual Machine">VM</abbr>s and Podman container in a common network&rdquo;</a>.
|
||||
Therefore I won&rsquo;t cover all the basics again and how to configure libvirt because nothing&rsquo;s changed on that side.</p>
|
||||
<h2 id="podman-40" >Podman 4.0
|
||||
<span>
|
||||
<a href="#podman-40">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>Podman 4.0 comes with a completely new network stack replacing the previous <a href="https://www.cni.dev/"><abbr title="Container Network Interface">CNI</abbr></a> stack:</p>
|
||||
<ul>
|
||||
<li><a href="https://github.com/containers/netavark">Netavark</a></li>
|
||||
<li><a href="https://github.com/containers/aardvark-dns">Aardvark</a></li>
|
||||
</ul>
|
||||
<p>There are <a href="https://www.redhat.com/sysadmin/podman-new-network-stack">great resources</a> that explain the backgrounds of both tools and I don&rsquo;t think I could describe it better than the folks implementing it 😄 so if you&rsquo;re interested have a look at the aforementioned article or the <a href="https://podman.io/releases/2022/02/22/podman-release-v4.0.0.html">release post</a>.</p>
|
||||
<h2 id="netavark-and-libvirt" >Netavark and libvirt
|
||||
<span>
|
||||
<a href="#netavark-and-libvirt">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>After reading the announcement I was most curious if I would be able to configure an equivalent setup for Netavark like I described it with Podman 3.x and CNI.</p>
|
||||
<p><strong>Short answer:</strong> yes, it is possible! 🎉</p>
|
||||
<p><em>&ldquo;But how?!&rdquo;</em> do you ask?
|
||||
Well it&rsquo;s pretty much equivalent to the previous solution: you need to create a new Podman network I once more named it <em>&rsquo;libvirt&rsquo;</em>.
|
||||
To get an idea how the config should look like and where it should placed.
|
||||
I reused the CLI call from my previous article:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman network create <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --disable-dns <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --internal <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --gateway 10.10.2.37 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --ip-range 10.10.2.160/29 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --subnet 10.10.2.0/24 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> libvirt
|
||||
</span></span></code></pre></div><p>The configuration files are now obviously resided in <code>/etc/containers/networks/</code> and my (already modified) <code>libvirt.json</code> now looks like so:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;name&#34;</span>: <span style="color:#e6db74">&#34;libvirt&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;id&#34;</span>: <span style="color:#e6db74">&#34;0489e6e643b97003c47b27a9ce0a6f6a8dce7d5f08329603e79a0ba48ad5285f&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;driver&#34;</span>: <span style="color:#e6db74">&#34;bridge&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;network_interface&#34;</span>: <span style="color:#e6db74">&#34;conbr0&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;created&#34;</span>: <span style="color:#e6db74">&#34;2022-04-05T09:18:48.198960971+01:00&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;subnets&#34;</span>: [
|
||||
</span></span><span style="display:flex;"><span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;subnet&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.0/24&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;gateway&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.42&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;lease_range&#34;</span>: {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;start_ip&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.1&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;end_ip&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.10&#34;</span>
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span> ],
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;ipv6_enabled&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;internal&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;dns_enabled&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;ipam_options&#34;</span>: {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;driver&#34;</span>: <span style="color:#e6db74">&#34;host-local&#34;</span>
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span>}
|
||||
</span></span></code></pre></div><p><em>Side note: I&rsquo;m really happy they dropped the <code>.conflist</code> extension because this way most editors offer really helpful syntax highlighting in the first place!</em></p>
|
||||
<p>Note that <code>&quot;internal&quot;: false</code> is mandatory. Otherwise I wasn&rsquo;t able to establish communication between VM and container.
|
||||
I also disabled the Aardvark <abbr title="Domain Name System">DNS</abbr> server and IPv6 support because I don&rsquo;t need it and I also don&rsquo;t expect much benefit of it due to the fact that it can&rsquo;t be aware of the VMs present in the network same as <code>dnsmasq</code> won&rsquo;t be able to resolve containers in the libvirt network.</p>
|
||||
<p>Having this in place I was again able to reuse the CLI command from my previous article:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman run <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --rm <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> -d <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --name nginx <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --network libvirt <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --ip 10.10.1.151 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> docker.io/nginx:alpine
|
||||
</span></span></code></pre></div><p>to create a Nginx container that can be reached from a VM.</p>
|
||||
<h2 id="troubleshooting" >Troubleshooting
|
||||
<span>
|
||||
<a href="#troubleshooting">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>Sometimes the communication between container and VM fails - don&rsquo;t know if I restarted the libvirt network previously or somehow fucked up the container network configuration but a:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman network reload &lt;container ID/container name&gt;
|
||||
</span></span></code></pre></div><p>often resolved the problem.</p>
|
||||
<h2 id="final-thoughts" >Final thoughts
|
||||
<span>
|
||||
<a href="#final-thoughts">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>I haven&rsquo;t used <em>Netavark</em> and <em>Aardvark</em> a lot, yet.
|
||||
But I already noticed a few <strong>really awesome</strong> things:</p>
|
||||
<ul>
|
||||
<li>the <code>docker-compose</code> support seems to be a lot better now because containers are actually able to talk to each other by <em>service name</em>, something I wasn&rsquo;t able to configure properly in Podman 3.x - at least not rootless.</li>
|
||||
<li>with <em>Netavark</em> all the Podman configuration is now unified within <code>/etc/containers</code> or <code>$HOME/.config/containers</code> respectively</li>
|
||||
<li>the new configuration format is a little bit cleaner the the previous one due to the fact that <em>Netavark</em> does not support plugins and with a <code>.json</code> extension editors do help a lot more without requiring extra &ldquo;configuration&rdquo;</li>
|
||||
</ul></description></item></channel></rss>
|
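Review bot: the last list item under "Final thoughts" reads "a little bit cleaner the the previous one", which should be "cleaner than the previous one". index.xml is generated output, so the fix belongs in the post's Markdown source followed by a new deploy, not in this file. The same sentence reappears in every feed that embeds the post, so a source fix covers all of them.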
1
tags/netavark/page/1/index.html
Normal file
|
@ -0,0 +1 @@
|
|||
<!doctype html><html lang=en-us><head><title>https://www.1533b4dc0.de/tags/netavark/</title><link rel=canonical href=https://www.1533b4dc0.de/tags/netavark/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://www.1533b4dc0.de/tags/netavark/"></head></html>
|
File diff suppressed because one or more lines are too long
|
@ -1,11 +1,101 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>podman on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/tags/podman/</link><description>1533B4dC0.de (podman)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 24 Feb 2022 00:00:00 +0000</lastBuildDate><atom:link href="https://www.1533b4dc0.de/tags/podman/index.xml" rel="self" type="application/rss+xml"/><item><title>Libvirt & Podman: network 'mesh'</title><link>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</guid><description><p><em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the CNI driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&rsquo;ll give <strong>Netavark</strong> a try, too!</em></p>
|
||||
<p>When playing around with containers and VMs one might ask if it&rsquo;s possible to bring VMs and containers into a common network segment.
|
||||
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>podman on 1533B4dC0.de</title><link>https://www.1533b4dc0.de/tags/podman/</link><description>1533B4dC0.de (podman)</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 24 Feb 2022 00:00:00 +0000</lastBuildDate><atom:link href="https://www.1533b4dc0.de/tags/podman/index.xml" rel="self" type="application/rss+xml"/><item><title>Libvirt & Podman: follow up for Podman 4.0 and netavark</title><link>https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-netavark-follow-up/</guid><description><p>This is a follow up post to <a href="https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/">&ldquo;Joining libvirt <abbr title="Virtual Machine">VM</abbr>s and Podman container in a common network&rdquo;</a>.
|
||||
Therefore I won&rsquo;t cover all the basics again and how to configure libvirt because nothing&rsquo;s changed on that side.</p>
|
||||
<h2 id="podman-40" >Podman 4.0
|
||||
<span>
|
||||
<a href="#podman-40">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>Podman 4.0 comes with a completely new network stack replacing the previous <a href="https://www.cni.dev/"><abbr title="Container Network Interface">CNI</abbr></a> stack:</p>
|
||||
<ul>
|
||||
<li><a href="https://github.com/containers/netavark">Netavark</a></li>
|
||||
<li><a href="https://github.com/containers/aardvark-dns">Aardvark</a></li>
|
||||
</ul>
|
||||
<p>There are <a href="https://www.redhat.com/sysadmin/podman-new-network-stack">great resources</a> that explain the backgrounds of both tools and I don&rsquo;t think I could describe it better than the folks implementing it 😄 so if you&rsquo;re interested have a look at the aforementioned article or the <a href="https://podman.io/releases/2022/02/22/podman-release-v4.0.0.html">release post</a>.</p>
|
||||
<h2 id="netavark-and-libvirt" >Netavark and libvirt
|
||||
<span>
|
||||
<a href="#netavark-and-libvirt">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>After reading the announcement I was most curious if I would be able to configure an equivalent setup for Netavark like I described it with Podman 3.x and CNI.</p>
|
||||
<p><strong>Short answer:</strong> yes, it is possible! 🎉</p>
|
||||
<p><em>&ldquo;But how?!&rdquo;</em> do you ask?
|
||||
Well it&rsquo;s pretty much equivalent to the previous solution: you need to create a new Podman network I once more named it <em>&rsquo;libvirt&rsquo;</em>.
|
||||
To get an idea how the config should look like and where it should placed.
|
||||
I reused the CLI call from my previous article:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman network create <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --disable-dns <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --internal <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --gateway 10.10.2.37 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --ip-range 10.10.2.160/29 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --subnet 10.10.2.0/24 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> libvirt
|
||||
</span></span></code></pre></div><p>The configuration files are now obviously resided in <code>/etc/containers/networks/</code> and my (already modified) <code>libvirt.json</code> now looks like so:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;name&#34;</span>: <span style="color:#e6db74">&#34;libvirt&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;id&#34;</span>: <span style="color:#e6db74">&#34;0489e6e643b97003c47b27a9ce0a6f6a8dce7d5f08329603e79a0ba48ad5285f&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;driver&#34;</span>: <span style="color:#e6db74">&#34;bridge&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;network_interface&#34;</span>: <span style="color:#e6db74">&#34;conbr0&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;created&#34;</span>: <span style="color:#e6db74">&#34;2022-04-05T09:18:48.198960971+01:00&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;subnets&#34;</span>: [
|
||||
</span></span><span style="display:flex;"><span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;subnet&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.0/24&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;gateway&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.42&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;lease_range&#34;</span>: {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;start_ip&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.1&#34;</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;end_ip&#34;</span>: <span style="color:#e6db74">&#34;10.10.1.10&#34;</span>
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span> ],
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;ipv6_enabled&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;internal&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;dns_enabled&#34;</span>: <span style="color:#66d9ef">false</span>,
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;ipam_options&#34;</span>: {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#f92672">&#34;driver&#34;</span>: <span style="color:#e6db74">&#34;host-local&#34;</span>
|
||||
</span></span><span style="display:flex;"><span> }
|
||||
</span></span><span style="display:flex;"><span>}
|
||||
</span></span></code></pre></div><p><em>Side note: I&rsquo;m really happy they dropped the <code>.conflist</code> extension because this way most editors offer really helpful syntax highlighting in the first place!</em></p>
|
||||
<p>Note that <code>&quot;internal&quot;: false</code> is mandatory. Otherwise I wasn&rsquo;t able to establish communication between VM and container.
|
||||
I also disabled the Aardvark <abbr title="Domain Name System">DNS</abbr> server and IPv6 support because I don&rsquo;t need it and I also don&rsquo;t expect much benefit of it due to the fact that it can&rsquo;t be aware of the VMs present in the network same as <code>dnsmasq</code> won&rsquo;t be able to resolve containers in the libvirt network.</p>
|
||||
<p>Having this in place I was again able to reuse the CLI command from my previous article:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman run <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --rm <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> -d <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --name nginx <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --network libvirt <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --ip 10.10.1.151 <span style="color:#ae81ff">\
|
||||
</span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> docker.io/nginx:alpine
|
||||
</span></span></code></pre></div><p>to create a Nginx container that can be reached from a VM.</p>
|
||||
<h2 id="troubleshooting" >Troubleshooting
|
||||
<span>
|
||||
<a href="#troubleshooting">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>Sometimes the communication between container and VM fails - don&rsquo;t know if I restarted the libvirt network previously or somehow fucked up the container network configuration but a:</p>
|
||||
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>podman network reload &lt;container ID/container name&gt;
|
||||
</span></span></code></pre></div><p>often resolved the problem.</p>
|
||||
<h2 id="final-thoughts" >Final thoughts
|
||||
<span>
|
||||
<a href="#final-thoughts">
|
||||
<svg viewBox="0 0 28 23" height="100%" width="19" xmlns="http://www.w3.org/2000/svg"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71" fill="none" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2"/></svg>
|
||||
</a>
|
||||
</span>
|
||||
</h2><p>I haven&rsquo;t used <em>Netavark</em> and <em>Aardvark</em> a lot, yet.
|
||||
But I already noticed a few <strong>really awesome</strong> things:</p>
|
||||
<ul>
|
||||
<li>the <code>docker-compose</code> support seems to be a lot better now because containers are actually able to talk to each other by <em>service name</em>, something I wasn&rsquo;t able to configure properly in Podman 3.x - at least not rootless.</li>
|
||||
<li>with <em>Netavark</em> all the Podman configuration is now unified within <code>/etc/containers</code> or <code>$HOME/.config/containers</code> respectively</li>
|
||||
<li>the new configuration format is a little bit cleaner the the previous one due to the fact that <em>Netavark</em> does not support plugins and with a <code>.json</code> extension editors do help a lot more without requiring extra &ldquo;configuration&rdquo;</li>
|
||||
</ul></description></item><item><title>Libvirt & Podman: network 'mesh'</title><link>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</link><pubDate>Thu, 24 Feb 2022 00:00:00 +0000</pubDate><guid>https://www.1533b4dc0.de/post/libvirt-podman-network-mesh/</guid><description><p><em>Disclaimer: I tested all this with Podman 3.x even though Podman 4.0 is already announced but the <abbr title="Container Network Interface">CNI</abbr> driver is still available with Podman 4.0 and as soon as I get my hands on 4.0 I&rsquo;ll give <strong>Netavark</strong> a try, too!</em></p>
|
||||
<p>When playing around with containers and <abbr title="Virtual Machine">VM</abbr>s one might ask if it&rsquo;s possible to bring VMs and containers into a common network segment.
|
||||
I see &lsquo;why the hell would I need a VM anyway when already having containers&rsquo; or something similar I almost see on your face 😜</p>
|
||||
<p>Well 1st of all, not everything can be solved with containers.
|
||||
For instance windows applications can be run in Windows containers but I&rsquo;m not aware of how to run a Windows container on my Linux desktop.</p>
|
||||
<p>But also in pure Linux environments there are cases where a VM is probably a better fit for the problem.
|
||||
As you might know I&rsquo;m a bit of network 🤓 and I love playing around with &lsquo;weird&rsquo; stuff almost no one else does even think about if not forced to.
|
||||
So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &ldquo;why&rsquo;s Netflix on the TV not working?!&rdquo; 😄 or also if you try to implement your own &lsquo;firewall&rsquo; with DNAT support (stay tuned - post&rsquo;s following!).</p>
|
||||
So if you try to implement for example your own DHCP server you might want to isolate your experiments (especially at the beginning) to avoid discussion about &ldquo;why&rsquo;s Netflix on the TV not working?!&rdquo; 😄 or also if you try to implement your own &lsquo;firewall&rsquo; with <abbr title="Destination network address translation">DNAT</abbr> support (stay tuned - post&rsquo;s following!).</p>
|
||||
<h2 id="part-1-libvirt-preparation" >Part 1: Libvirt preparation
|
||||
<span>
|
||||
<a href="#part-1-libvirt-preparation">
|
||||
|
|
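Review bot: the "podman network create" call in the added follow-up post does not produce the libvirt.json printed right after it, and the post never says which values were edited by hand. The command passes --internal, --gateway 10.10.2.37, --subnet 10.10.2.0/24 and --ip-range 10.10.2.160/29, while the JSON shows "internal": false, subnet 10.10.1.0/24, gateway 10.10.1.42 and a lease range of 10.10.1.1 to 10.10.1.10. The text then states that "internal": false is mandatory, so a reader who copies the command gets exactly the network the post says does not work. Either drop --internal and align the addresses in the command, or list the manual edits that "(already modified)" refers to. The later "podman run --ip 10.10.1.151" also lies outside the printed lease range, which deserves a sentence if it is intentional. Separately, the follow-up item carries the same pubDate (Thu, 24 Feb 2022) as the original post although the network's "created" field is 2022-04-05, so the date in the post's front matter looks copied and is worth checking.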