Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#79268 - [docker] systemd-networkd prevents docker containers from reaching internet
Attached to Project:
Arch Linux
Opened by Benjamin Flesch (bflesch) - Tuesday, 01 August 2023, 18:31 GMT
Last edited by Toolybird (Toolybird) - Tuesday, 01 August 2023, 22:26 GMT
Details
Description: systemd-networkd prevents docker containers from reaching the internet.

Additional info:
- Arch Linux 6.4.6-hardened1-1-hardened
- docker 1:24.0.5-1
- systemd 253.7-1
- see https://github.com/systemd/systemd/issues/28626

Steps to reproduce:
(1) Install archlinux with docker and systemd-networkd
(2) set up system for SSH unlock with mkinitcpio hooks: `HOOKS=(base udev autodetect modconf keyboard keymap block mdadm_udev lvm2 netconf tinyssh encryptssh filesystems fsck)`
(3) set `GRUB_CMDLINE_LINUX="cryptdevice=/dev/md1:cryptroot ip=dhcp"`
(4) start system, unlock via SSH, wait until boot finished
(5) `docker run busybox ping -c 1 1.1.1.1` -> timeout
(6) `networkctl` will show docker0 as "configuring"

Root cause: As elaborated in https://github.com/systemd/systemd/issues/28626, the `ip=dhcp` in GRUB_CMDLINE triggers systemd-networkd to use systemd-network-generator and create a file /run/systemd/network/91-default.network with contents:

```
# Automatically generated by systemd-network-generator
[Match]
Name=*

[Link]

[Network]
DHCP=ipv4

[DHCP]
```

This `Name=*` matches the virtual docker interfaces `docker0`, `br-*`, and `veth*`, and therefore systemd-networkd tries to manage these interfaces.

A fix for this issue is to create systemd-networkd configuration files which ensure that the above-mentioned docker network interfaces are not managed by systemd-networkd.

(1) Create /etc/systemd/network/20-veth.network with contents:
```
[Match]
Name=veth*

[Link]
Unmanaged=true
```
(2) Create /etc/systemd/network/21-docker.network with contents:
```
[Match]
Name=docker*

[Link]
Unmanaged=true
```
(3) Create /etc/systemd/network/22-docker-br.network with contents:
```
[Match]
Name=br-*

[Link]
Unmanaged=true
```
(4) `systemctl restart systemd-networkd && systemctl restart docker`
(5) now the `docker run busybox ping -c 1 1.1.1.1` should work

Proposed fix to be implemented for the archlinux docker package: I see the package is already placing systemd service files in /etc/systemd. It'd be great if the package could also put the three config files for systemd-networkd into /etc/systemd/network/. From discussion at https://github.com/systemd/systemd/issues/28626 it seems the systemd folks don't really care about adding a fix for docker into their package.
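The script below is an added example and is not code from the bug report, the docker package or systemd. It makes the mechanism behind the workaround visible: systemd-networkd considers .network units in lexical filename order and applies the first one whose [Match] section matches the link, so a unit named 20-* takes precedence over the generated 91-default.network, and Name= accepts a whitespace-separated list of globs, so the three files from the report can be collapsed into one. The functions scan a directory for a catch-all `Name=*`, emulate first-match selection (simplified: one directory, only the Name= key is honoured) to show which unit would claim `docker0`, and write a single unmanaged unit. The unit name `20-docker-unmanaged.network`, the function names and the scratch directory used in the usage example are all choices made for this example.

```shell
#!/bin/sh
# Added example, not code from the bug report or the docker package.
# Scans a directory of systemd .network units for a catch-all [Match] Name=*
# (what systemd-network-generator emits for ip=dhcp), emulates networkd's
# first-match selection to show which unit would claim a given interface, and
# writes one unit that leaves Docker's docker*/br-*/veth* interfaces unmanaged.
# Directory paths are parameters so the functions can be run against a scratch
# directory; the unit name 20-docker-unmanaged.network is an arbitrary choice.
set -eu

# Print the Name= globs found inside the [Match] section of one unit only.
match_globs() {
    awk '/^\[/ { insec = ($0 == "[Match]"); next }
         insec && /^Name=/ { print substr($0, 6) }' "$1"
}

# List the units whose [Match] Name= contains the bare glob "*".
find_catchall_units() {
    dir="$1"
    for f in "$dir"/*.network; do
        [ -f "$f" ] || continue
        set -f                  # keep the shell from expanding globs against the filesystem
        for g in $(match_globs "$f"); do
            if [ "$g" = "*" ]; then
                printf '%s\n' "$f"
                break
            fi
        done
        set +f
    done
}

# Emulate networkd's selection (simplified: one directory, Name= only): units
# are tried in lexical order and the first whose Name= glob matches the
# interface wins. Prints the winning unit, or an empty line if none matches.
matching_unit() {
    dir="$1"; iface="$2"; hit=""
    for f in "$dir"/*.network; do
        [ -f "$f" ] || continue
        set -f
        for g in $(match_globs "$f"); do
            case "$iface" in
                $g) hit="$f"; break ;;
            esac
        done
        set +f
        if [ -n "$hit" ]; then break; fi
    done
    printf '%s\n' "$hit"
}

# Write one unit that leaves Docker's virtual interfaces unmanaged. The name
# must sort before 91-default.network, otherwise the catch-all still wins.
write_unmanaged_unit() {
    out="$1/20-docker-unmanaged.network"
    cat > "$out" <<'EOF'
[Match]
Name=docker* br-* veth*

[Link]
Unmanaged=true
EOF
    printf '%s\n' "$out"
}

# Usage on a real host (runs only when both directories are given):
#   sh networkd-docker-check.sh /run/systemd/network /etc/systemd/network
# Scans the first directory for catch-all units and writes the fix into the second.
if [ $# -eq 2 ]; then
    for u in $(find_catchall_units "$1"); do
        echo "catch-all [Match] Name=* found in $u"
    done
    echo "docker0 would currently be claimed by: $(matching_unit "$1" docker0)"
    echo "wrote $(write_unmanaged_unit "$2")"
fi
```

After writing the unit, `systemctl restart systemd-networkd` and `networkctl list` should show docker0, br-* and veth* links with SETUP "unmanaged" instead of "configuring"; the physical interface that `ip=dhcp` was meant for is unaffected because the new unit only matches Docker's name patterns.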
This task depends upon
Closed by Toolybird (Toolybird)
Tuesday, 01 August 2023, 22:26 GMT
Reason for closing: Not a bug
Additional comments about closing: This is a network configuration issue which is the user's responsibility on an Arch machine. Workarounds for various network managers don't belong in the docker pkg.
[1] https://wiki.archlinux.org/title/Docker#docker0_Bridge_gets_no_IP_/_no_internet_access_in_containers_when_using_systemd-networkd