Docker from Snap cannot find ingress_sbox. #35

Open
iamjaeholee opened this issue Dec 6, 2023 · 2 comments

@iamjaeholee

I have installed Docker from snap.

When I try to install DIRD, it cannot find ingress_sbox.

2023-12-06.04:36:05.438065|Hedwig|1016512| Docker Ingress Routing Daemon 4.1.0 starting ...
nsenter: cannot open /var/run/docker/netns/ingress_sbox: No such file or directory
2023-12-06.04:36:05.544429|Hedwig|1016512| - Couldn't identify ingress network subnet or this node's ingress network IP; sleeping 1s, then exiting.

I think snap Docker saves the network container in /run/snap.docker/netns/

@struanb
Contributor

struanb commented Dec 6, 2023

Thanks for raising this issue. You're right that DIRD does not currently support non-standard paths to ingress_sbox.

Adding support shouldn't be hard though. Would you mind searching/replacing the standard path with the snap path in the code and trying that to see if it is sufficient?

If it works, we can look to add a command line option for configuring this and officially supporting it.

@iamjaeholee
Author

Okay. Thank you for the comment.

I have changed the code as follows.


# Delete any relevant preexisting rules.
log "Cleaning up any stale load-balancer rules ..."

nsenter --net=/run/snap.docker/netns/ingress_sbox iptables -t nat -S | \
  grep -- '-m ipvs --ipvs -j ACCEPT' | \
  sed -r 's/^-A /-D /' | \
  while read RULE; \
  do
    log "- Deleting old rule: iptables -t nat $RULE"
    nsenter --net=/run/snap.docker/netns/ingress_sbox iptables -t nat $RULE
  done

nsenter --net=/run/snap.docker/netns/ingress_sbox iptables -t mangle -S | \
  grep -- '-j TOS --set-tos' | \
  sed -r 's/^-A /-D /' | \
  while read RULE; \
  do
    log "- Deleting old rule: iptables -t mangle $RULE"
    nsenter --net=/run/snap.docker/netns/ingress_sbox iptables -t mangle $RULE
  done

nsenter --net=/run/snap.docker/netns/ingress_sbox iptables -t raw -S | \
  grep -- '-j CT --notrack' | \
  sed -r 's/^-A /-D /' | \
  while read RULE; \
  do
    log "- Deleting old rule: iptables -t raw $RULE"
    nsenter --net=/run/snap.docker/netns/ingress_sbox iptables -t raw $RULE
  done

if [ "$INSTALL" = "0" ]; then
  log "Docker Ingress Routing Daemon iptables rules uninstalled, exiting."
  exit 0
fi

###############

I just changed every nsenter --net option.

But I encountered another nsenter issue.

2023-12-07.10:28:09.777109|jaeho-VirtualBox|05734| Docker Ingress Routing Daemon 4.1.1 starting ...
nsenter: reassociate to namespace 'ns/net' failed: Invalid argument
2023-12-07.10:28:09.922912|jaeho-VirtualBox|05734| - Couldn't identify ingress network subnet or this node's ingress network IP; sleeping 1s, then exiting.
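
An added diagnostic sketch, not part of the thread or of DIRD's own code: it checks each candidate netns directory for an ingress_sbox file that is a real namespace handle (an nsfs mount), because setns(2), which nsenter calls, returns EINVAL for a file that is not one. The NETNS_DIRS variable and both function names are hypothetical, GNU stat is assumed, and whether this explains the error above is an assumption.

```shell
#!/bin/sh
# Candidate directories: the standard path from the first log above and the
# snap path reported in this thread. NETNS_DIRS is a hypothetical override.
NETNS_DIRS="${NETNS_DIRS:-/var/run/docker/netns /run/snap.docker/netns}"

# classify_netns FILE
# Prints "missing", "not-a-namespace" or "ok".
classify_netns() {
  if [ ! -e "$1" ]; then
    echo missing
    return 0
  fi
  # A usable handle is a bind mount of an nsfs inode. A plain placeholder
  # file (for example one whose bind mount lives in another mount namespace)
  # reports the filesystem of the directory that holds it instead.
  fstype=$(stat -f -c %T "$1" 2>/dev/null) || fstype=unknown
  if [ "$fstype" = "nsfs" ]; then
    echo ok
  else
    echo not-a-namespace
  fi
}

# find_ingress_sbox
# Prints the first usable ingress_sbox path on stdout and a per-candidate
# report on stderr. Returns 1 when no candidate is a namespace handle.
find_ingress_sbox() {
  for dir in $NETNS_DIRS; do
    candidate="$dir/ingress_sbox"
    state=$(classify_netns "$candidate")
    echo "$candidate: $state" >&2
    if [ "$state" = "ok" ]; then
      echo "$candidate"
      return 0
    fi
  done
  return 1
}

# Usage (as root, on the Docker host):
#   path=$(find_ingress_sbox) && nsenter --net="$path" ip -brief addr
```

A candidate reported as not-a-namespace exists as a file but cannot be passed to nsenter --net from the shell that ran the check.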
