RHEL 8.7 podman-compose error iptables #637

Open
7underlines opened this issue Feb 18, 2023 · 3 comments
Labels
bug Something isn't working

7underlines commented Feb 18, 2023

`sudo podman-compose up` outputs this error:

```
WARN[0000] Failed to load cached network config: network ds_default not found in CNI cache, falling back to loading network ds_default from disk
Error: unable to start container 80310f8a7682841891e9e09e43c982099548f8dfcc2bdef211a4fab7863b96e2: plugin type="firewall" failed (add): cni plugin firewall failed: failed to list iptables chains: running [/sbin/iptables -t filter -S --wait]: exit status 1: iptables v1.8.4 (nf_tables): table 'filter' is incompatible, use 'nft' tool.
```

OS: RHEL 8.7
podman iirc 4.2.0 (installed with sudo dnf install podman)
podman-compose (installed with sudo pip3 install podman-compose).
podman-plugins (installed with sudo dnf install podman-plugins)
SELinux disabled

It works on AlmaLinux 8.7 (same package versions) and Rocky Linux 8.7.

docker-compose.yml

```yaml
version: '3.6'
services:
  web:
    image: odoo:13.0
    depends_on:
      - db
    ports:
      - "8069:8069"
  db:
    image: postgres:13
    environment:
      - POSTGRES_DB=postgres
      - POSTGRES_PASSWORD=odoo
      - POSTGRES_USER=odoo
```

I don't know if this is podman or RHEL specific.
https://www.reddit.com/r/redhat/comments/115mt09/rhel_87_error_iptables_table_filter_is/

containers/podman#5569

@7underlines 7underlines added the bug Something isn't working label Feb 18, 2023
Contributor

bugfest commented Apr 8, 2023

Hi @thomaspeissl, this is a CNI issue, not a podman-compose one. As you mention, it is most probably related to podman's CNI using iptables instead of nft in those new systems where the legacy iptables version has been phased out.

Some other mentions of similar issues:

iptables nft vs legacy:

I couldn't reproduce this issue in Rocky Linux 8.7; I don't have a subscription to RHEL so won't be able to help you there.

@7underlines
Author

Hi @bugfest

> this is a cni issue not a podman-compose one

I was thinking about that too. So I opened this issue, but the maintainer says it's not a problem with his CNI plugin.
greenpau/cni-plugins#21

It feels like Podman says it's a CNI issue and CNI says it's a Podman issue 🤷‍♂️
I can only imagine that it is a quirk of RHEL 8.7.

nycki93 commented Jul 19, 2023

I had this problem on armbian v23.5.1 with podman v3.4.4. If I downgrade to podman-compose v1.0.3 it still gives a warning, but works fine. I can also create the network manually through podman. I only get the error with podman-compose, and only in v1.0.6.

Edit: never mind, I get this error whenever I create a network, even with compose v1.0.3. Downgrading to compose v0.1.11 resolves the issue.
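
An added triage example, not part of the original thread or of podman-compose: a shell helper that recognises the failure signature from the report above (a CNI plugin failing because `iptables` rejects a table) and extracts the plugin, iptables version, backend and table. The function names and the shortened container ID in the sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: the error line from the report above, container ID shortened.
SAMPLE_LINE="Error: unable to start container 80310f8a7682: plugin type=\"firewall\" failed (add): cni plugin firewall failed: failed to list iptables chains: running [/sbin/iptables -t filter -S --wait]: exit status 1: iptables v1.8.4 (nf_tables): table 'filter' is incompatible, use 'nft' tool."

# classify_cni_iptables_error LINE
# Prints "plugin=<p> iptables=<ver> backend=<b> table=<t>" and returns 0 when
# LINE is a CNI plugin failure caused by iptables rejecting a table;
# prints nothing and returns 1 for any other line.
classify_cni_iptables_error() {
    line=$1
    # Cheap pre-filter: a CNI plugin failed and iptables printed its version banner.
    case $line in
        *'cni plugin '*' failed:'*'iptables v'*) ;;
        *) return 1 ;;
    esac
    plugin=$(printf '%s\n' "$line" | sed -n 's/.*plugin type="\([^"]*\)" failed.*/\1/p')
    version=$(printf '%s\n' "$line" | sed -n 's/.*iptables v\([0-9][0-9.]*\) (.*/\1/p')
    # The backend is the word in parentheses after the version: nf_tables or legacy.
    backend=$(printf '%s\n' "$line" | sed -n 's/.*iptables v[0-9.]* (\([a-z_]*\)).*/\1/p')
    table=$(printf '%s\n' "$line" | sed -n "s/.*table '\([a-z]*\)' is incompatible.*/\1/p")
    # Require both the backend and the rejected table, otherwise it is a different failure.
    [ -n "$backend" ] && [ -n "$table" ] || return 1
    printf 'plugin=%s iptables=%s backend=%s table=%s\n' \
        "$plugin" "$version" "$backend" "$table"
}

# scan_podman_log: read log lines on stdin, print one summary per matching line.
# Returns 0 if at least one line matched, 1 otherwise.
scan_podman_log() {
    found=1
    while IFS= read -r l; do
        if classify_cni_iptables_error "$l"; then
            found=0
        fi
    done
    return $found
}

# Demo on the constructed sample; on a real host, pipe in the captured stderr instead.
printf '%s\n' "$SAMPLE_LINE" | scan_podman_log
```

On an affected host the captured stderr of `sudo podman-compose up` can be piped into `scan_podman_log`; a `backend=nf_tables` result matches the situation described in the thread.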
