How to resolve Podman iptables CNI network issue
- Views:
- 1,109
- Visibility:
- Public
- Votes:
- 1
- Category:
- solidfire-enterprise-sds
- Specialty:
- solidfire
- Last Updated:
Applies to
Systems running SolidFire Enterprise SDS on RedHat Enterprise Linux 7.6 host nodes.
Description
This is a known timing issue with Podman & iptables/iptables-restore, where lock files are not being respected. As a result, the Container Network Interface (CNI) is unable to come up. See the known issues linked below.
Known Issues
https://bugzilla.redhat.com/show_bug.cgi?id=1417234
https://github.com/openshift/origin/pull/13845
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712691
An example of the error signature is as shown:
ERRO[0000] Error adding network: running [/usr/sbin/iptables -t nat -N CNI-6bb4e32ac5d462b1f066864d --wait]: exit status 4: ipt unavailable.
ERRO[0000] Error while adding pod to CNI network "podman": running [/usr/sbin/iptables -t nat -N CNI-6bb4e32ac5d462b1f066864d -bles: Resource temporarily unavailable.
Error: error configuring network namespace for container 3b0ccbd068b9f7cfa52df9e4b1500abe02b4157f13b75ee34d87b6d52bd5df1a: runnnat -N CNI-6bb4e32ac5d462b1f066864d --wait]: exit status 4: iptables: Resource temporarily unavailable.