4

I have a working Docker implementation on a Fedora workstation that I use to host a Unifi Network Controller application. I use a macvlan to assign a static IP to the controller. The docker network command to create the macvlan is:

docker network create -d macvlan -o parent=enp8s0  --subnet 192.168.110.0/24 --gateway 192.168.110.1 --ip-range 192.168.110.224/27 --aux-address 'host=192.168.110.225' unifinet

The container where the controller runs is assigned a static IP:

docker run --rm --init --network unifinet --ip 192.168.110.226 ....

I would like to implement this using podman as a replacement. Is there a useful online tutorial that explains how to use the implementation of CNI used by podman? Especially the macvlan plugin? I cannot decide if I should use the static IPAM plugin or the local-host IPAM plugin.

Brent Baude's "Leasing Routable IP addresses with Podman containers" is a good start but is focused on using the dhcp IPAM plugin.

Thank you

Brad Smith

2 Answers

3

I see you have a solution that works for you, but I would have suggested using the host-local IPAM plugin instead, rather than static (which requires you to explicitly allocate addresses). The corresponding configuration might look something like this:

{
  "cniVersion": "0.3.0",
  "name": "unifinet",
  "plugins": [
    {
      "type": "macvlan",
      "mode": "bridge",
      "master": "eth0",
      "ipam": {
        "type": "host-local",
        "ranges": [
          [{
            "subnet": "192.168.110.0/24",
            "rangeStart": "192.168.110.226",
            "rangeEnd": "192.168.110.255",
            "gateway": "192.168.110.1"
          }]
        ],
        "routes": [
          {"dst": "0.0.0.0/0"}
        ]
      }
    }
  ]
}

Just like your original docker network create command, this will allocate addresses on the 192.168.110.0/24 network from the 192.168.110.224/27 range (I've actually specified a range start of 192.168.110.226, which will avoid allocating your 192.168.110.225 address that you've reserved with --aux-address).


You can start a container with a specific ip using the --ip argument to podman run. Given the network defined above, we could run:

podman run --net unifinet --ip 192.168.110.230 ...
user7610
larsks
  • Thank you. I had tried host-local prior to the static ipam plugin but could not figure out a way to explicitly assign an IP to the container. A fixed IP is needed for the specific application. If there is a way to accomplish that I would be very interested. – Brad Smith Dec 31 '19 at 00:54
  • Just like with `docker run`, `podman run` has a `--ip` argument that will let you assign a specific ip to the container. The address must come from within a valid range from your network definition. – larsks Dec 31 '19 at 03:58
  • Thank you very much. I thought I had tried that and received an error. I will give your solution a try. By the way - I think I have memorized your oddbits blog post on docker and macvlan. Thank you for writing it. – Brad Smith Jan 05 '20 at 23:16
  • It should be noted that the --ip flag was buggy on some versions of containernetworking-plugins, namely the one shipped with Red Hat/CentOS. 0.8.6-2 on CentOS8 Stream appears to work. – bolind Oct 02 '20 at 11:14
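Added example, not part of either answer and not Podman or CNI code: a small Python helper that turns the parameters of the question's `docker network create` command into a macvlan + host-local conflist and checks whether an address intended for `--ip` falls inside the configured range, the rule stated in the comments above. The function names are this example's own, and it assumes a single contiguous range that starts above the highest reserved address and ends below the subnet broadcast address.

```python
import ipaddress
import json


def host_local_range(subnet, ip_range, reserved=()):
    """Map a Docker-style --ip-range to one contiguous host-local range.

    Starts just above the highest reserved address inside the pool and stops
    below the subnet broadcast address, so neither is ever handed out.
    """
    net, pool = ipaddress.ip_network(subnet), ipaddress.ip_network(ip_range)
    if not pool.subnet_of(net):
        raise ValueError(f"{ip_range} is not inside {subnet}")
    held = [a for a in map(ipaddress.ip_address, reserved) if a in pool]
    start = max(held) + 1 if held else max(pool.network_address, net.network_address + 1)
    end = min(pool.broadcast_address, net.broadcast_address - 1)
    if start > end:
        raise ValueError("no allocatable addresses left in the pool")
    return str(start), str(end)


def macvlan_conflist(name, master, subnet, gateway, ip_range, reserved=()):
    """Build a macvlan + host-local conflist shaped like the one in the answer."""
    start, end = host_local_range(subnet, ip_range, reserved)
    rng = {"subnet": subnet, "rangeStart": start, "rangeEnd": end, "gateway": gateway}
    ipam = {"type": "host-local", "ranges": [[rng]], "routes": [{"dst": "0.0.0.0/0"}]}
    plugin = {"type": "macvlan", "mode": "bridge", "master": master, "ipam": ipam}
    return {"cniVersion": "0.3.0", "name": name, "plugins": [plugin]}


def static_ip_problem(conflist, ip):
    """Return None if `ip` fits a configured range (usable with --ip), else why not."""
    addr = ipaddress.ip_address(ip)
    for rset in conflist["plugins"][0]["ipam"]["ranges"]:
        for r in rset:
            lo, hi = (ipaddress.ip_address(r[k]) for k in ("rangeStart", "rangeEnd"))
            if lo <= addr <= hi:
                gw = ipaddress.ip_address(r["gateway"])
                return "address is the gateway" if addr == gw else None
    return "address is outside every configured range"


if __name__ == "__main__":
    # Values taken from the question's `docker network create` command.
    conf = macvlan_conflist("unifinet", "enp8s0", "192.168.110.0/24", "192.168.110.1",
                            "192.168.110.224/27", reserved=["192.168.110.225"])
    print(json.dumps(conf, indent=2))
    for ip in ("192.168.110.226", "192.168.110.225", "192.168.110.10"):
        print(ip, "->", static_ip_problem(conf, ip) or "ok")
```

Running it prints the generated conflist, then reports 192.168.110.226 as usable and the reserved 192.168.110.225 and the out-of-pool 192.168.110.10 as outside the range.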
1

Additional testing and reading a few issue comments in the libpod GitHub resulted in the following solution which defines a macvlan and assigns a static ip using the static IPAM plugin.

Create a file in /etc/cni/net.d called 90-unifinet.conflist:

{
    "cniVersion": "0.4.0",
    "name": "unifinet",
    "plugins": [
        {
            "type": "macvlan",
            "master": "enp8s0",
            "ipam": {
                "type": "static",
                "addresses": [
                    {
                        "address": "192.168.110.226/24",
                        "gateway": "192.168.110.1"
                    }
                ],
                "routes": [
                    { "dst": "0.0.0.0/0" }
                ],
                "dns": {
                    "nameservers": ["192.168.110.1"]
                }
            }
        }
    ]
}

Then the following will work:

podman run -it --rm --network unifinet  alpine ping 8.8.8.8 -c 4
Brad Smith