How to resolve Podman iptables CNI network issue

Applies to

Systems running SolidFire Enterprise SDS on RedHat Enterprise Linux 7.6 host nodes.

Description

This is a known timing issue with Podman & iptables/iptables-restore, where lock files are not being respected. As a result, the Container Network Interface (CNI) is unable to come up. See the known issues linked below.

Known Issues

https://bugzilla.redhat.com/show_bug.cgi?id=1417234

https://github.com/openshift/origin/pull/13845

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712691

An example of the error signature is as shown:

ERRO[0000] Error adding network: running [/usr/sbin/iptables -t nat -N CNI-6bb4e32ac5d462b1f066864d --wait]: exit status 4: ipt unavailable.
ERRO[0000] Error while adding pod to CNI network "podman": running [/usr/sbin/iptables -t nat -N CNI-6bb4e32ac5d462b1f066864d -bles: Resource temporarily unavailable.
Error: error configuring network namespace for container 3b0ccbd068b9f7cfa52df9e4b1500abe02b4157f13b75ee34d87b6d52bd5df1a: runnnat -N CNI-6bb4e32ac5d462b1f066864d --wait]: exit status 4: iptables: Resource temporarily unavailable.