[Bug 1206614] New: [Build 20221221] nerdctl: fails to initialize if iptables is absent
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 Bug ID: 1206614 Summary: [Build 20221221] nerdctl: fails to initialize if iptables is absent Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other URL: https://openqa.opensuse.org/tests/2970571/modules/cont ainerd_nerdctl/steps/58 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Containers Assignee: containers-bugowner@suse.de Reporter: dimstar@opensuse.org QA Contact: qa-bugs@suse.de Found By: openQA Blocker: Yes ## Observation [31mFATA[0m[0000] failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: time="2022-12-22T02:29:28-05:00" level=fatal msg="failed to call cni.Setup: plugin type=\"bridge\" failed (add): failed to locate iptables: exec: \"iptables\": executable file not found in $PATH" Failed to write to log, write /var/lib/nerdctl/1935db59/containers/default/c3cf5d1baef6bdb4812f94cfa6e37fecbe170d360f70df78177b114c940056f8/oci-hook.createRuntime.log: file already closed: unknown If it's so keen to have iptables present, it should require it (better yet, migrate to nftables) openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-containers_host_containerd@64bit fails in [containerd_nerdctl](https://openqa.opensuse.org/tests/2970571/modules/containerd_nerdctl/steps/5...) ## Test suite description Maintainer: dheidler. Extra tests about CLI software in container module ## Reproducible Fails since (at least) Build [20221221](https://openqa.opensuse.org/tests/2969686) ## Expected result Last good: [20221220](https://openqa.opensuse.org/tests/2967582) (or more recent) ## Further details Always latest result in this scenario: [latest](https://openqa.opensuse.org/tests/latest?arch=x86_64&distri=opensuse&flavor=DVD&machine=64bit&test=containers_host_containerd&version=Tumbleweed) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 Dominique Leuenberger <dimstar@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|containers-bugowner@suse.de |rbrown@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 http://bugzilla.opensuse.org/show_bug.cgi?id=1206614#c1 --- Comment #1 from Richard Brown <rbrown@suse.com> --- Why is this being tested when no product uses it and it's a clearly experimental stack? I'd vote for dropping the test until nerdctl and/or it's level of maintainance matures -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 Richard Brown <rbrown@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|rbrown@suse.com |mark_nefedov@runbox.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 http://bugzilla.opensuse.org/show_bug.cgi?id=1206614#c2 Richard Brown <rbrown@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rbrown@suse.com --- Comment #2 from Richard Brown <rbrown@suse.com> --- Assigning to mark_nefedov@runbox.com as they have done the last 2 version bumps -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 http://bugzilla.opensuse.org/show_bug.cgi?id=1206614#c3 Felix Niederwanger <felix.niederwanger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |felix.niederwanger@suse.com | |, jalausuch@suse.com --- Comment #3 from Felix Niederwanger <felix.niederwanger@suse.com> --- There was a requirement to add testing coverage for nerdctl, and following the factory-first principle we also added it for Tumbleweed. However, let's wait until next week when Jose is back to clarify it's status in Tumbleweed. I'm adding Jose, so we don't forget. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 http://bugzilla.opensuse.org/show_bug.cgi?id=1206614#c4 --- Comment #4 from Dominique Leuenberger <dimstar@opensuse.org> --- (In reply to Richard Brown from comment #1)
I'd vote for dropping the test until nerdctl and/or it's level of maintainance matures
Not testing does not make the bug go away. So that's imho the wrong approach We don't need to consider nerdctl issues in TW tests as snapshot blocking, but that's out of scope of bug reports The bug identified by openQA is real (and simple):
If it's so keen to have iptables present, it should require it (better yet, migrate to nftables)
iptables used to be pulled in by NetworkManager; that issue was fixed on that side (NM used nftables) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 Guillaume GARDET <guillaume.gardet@arm.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |guillaume.gardet@arm.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 http://bugzilla.opensuse.org/show_bug.cgi?id=1206614#c5 --- Comment #5 from Dominique Leuenberger <dimstar@opensuse.org> --- Any update here? The change seems rather simplistic (and afaics, was done in the devel prj) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 http://bugzilla.opensuse.org/show_bug.cgi?id=1206614#c6 Dominique Leuenberger <dimstar@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #6 from Dominique Leuenberger <dimstar@opensuse.org> --- (In reply to Dominique Leuenberger from comment #5)
Any update here? The change seems rather simplistic (and afaics, was done in the devel prj)
nerdctl was updated to version 1.2.1 which includes a dep on iptables to address this bug -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 http://bugzilla.opensuse.org/show_bug.cgi?id=1206614#c7 Dominique Leuenberger <dimstar@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- --- Comment #7 from Dominique Leuenberger <dimstar@opensuse.org> --- Actually, the test still does not pass in snapshot 0301: https://openqa.opensuse.org/tests/3151056# The error message still seems to imply the same: [31mFATA[0m[0000] failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: time="2023-03-01T05:57:31-05:00" level=fatal msg="failed to call cni.Setup: plugin type=\"bridge\" failed (add): failed to locate iptables: exec: \"iptables\": executable file not found in $PATH" -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 http://bugzilla.opensuse.org/show_bug.cgi?id=1206614#c8 --- Comment #8 from Jose Lausuch <jalausuch@suse.com> --- (In reply to Dominique Leuenberger from comment #4)
(In reply to Richard Brown from comment #1)
I'd vote for dropping the test until nerdctl and/or it's level of maintainance matures
Not testing does not make the bug go away. So that's imho the wrong approach
We don't need to consider nerdctl issues in TW tests as snapshot blocking, but that's out of scope of bug reports
The bug identified by openQA is real (and simple):
If it's so keen to have iptables present, it should require it (better yet, migrate to nftables)
iptables used to be pulled in by NetworkManager; that issue was fixed on that side (NM used nftables)
+1 @Danish Prakash is this something you could have a look? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1206614 Jose Lausuch <jalausuch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |danish.prakash@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com