macvlan not working or maybe it's me

  • Hi, has something changed in OMV recently that has broken the Docker networks created with macvlan and/or inhibits new networks from connecting? Does macvlan need to be configured differently now?


    I've been running OMV without any special issues for a year or so with docker containers for portainer, mosquitto, blynk server, domoticz, and pihole on a raspberry pi B+. Updates and upgrades have been made along the way. Macvlan networking was used on the last 4 containers so that each had an ip address and ports of their choice.


    After not being able to "fix" the issue I've tried a new SD card and rebuilt OMV and Docker, still no connectivity even though the networks are created without error. I've also built an nginx container that doesn't respond to ping requests.


    Any ideas, comments, suggestions? Additional details follow:


    pi@raspberrypi:~ $ cat /etc/os-release

    PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"

    NAME="Raspbian GNU/Linux"

    VERSION_ID="10"

    VERSION="10 (buster)"

    VERSION_CODENAME=buster

    ID=raspbian

    pi@raspberrypi:~ $ cat /proc/cpuinfo

    processor : 0

    model name : ARMv7 Processor rev 4 (v7l)

    BogoMIPS : 38.40

    Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm crc32

    CPU implementer : 0x41

    CPU architecture: 7

    CPU variant : 0x0

    CPU part : 0xd03

    CPU revision : 4

    processor : 1

    model name : ARMv7 Processor rev 4 (v7l)

    BogoMIPS : 38.40

    Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm crc32

    CPU implementer : 0x41

    CPU architecture: 7

    CPU variant : 0x0

    CPU part : 0xd03

    CPU revision : 4

    processor : 2

    model name : ARMv7 Processor rev 4 (v7l)

    BogoMIPS : 38.40

    Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm crc32

    CPU implementer : 0x41

    CPU architecture: 7

    CPU variant : 0x0

    CPU part : 0xd03

    CPU revision : 4

    processor : 3

    model name : ARMv7 Processor rev 4 (v7l)

    BogoMIPS : 38.40

    Features : half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm crc32

    CPU implementer : 0x41

    CPU architecture: 7

    CPU variant : 0x0

    CPU part : 0xd03

    CPU revision : 4

    Hardware : BCM2835

    Revision : a020d3

    Serial : 00000000870f7283

    Model : Raspberry Pi 3 Model B Plus Rev 1.3

    pi@raspberrypi:~ $ sudo docker version

    Client: Docker Engine - Community

    Version: 19.03.12

    API version: 1.40

    Go version: go1.13.10

    Git commit: 48a6621

    Built: Mon Jun 22 15:57:03 2020

    OS/Arch: linux/arm

    Experimental: false

    Server: Docker Engine - Community

    Engine:

    Version: 19.03.12

    API version: 1.40 (minimum version 1.12)

    Go version: go1.13.10

    Git commit: 48a6621

    Built: Mon Jun 22 15:50:36 2020

    OS/Arch: linux/arm

    Experimental: false

    containerd:

    Version: 1.2.13

    GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429

    runc:

    Version: 1.0.0-rc10

    GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd

    docker-init:

    Version: 0.18.0

    GitCommit: fec3683

    ================================================================================



    = openmediavault information

    Release: 5.5.3-1

    Codename: Usul

  • Thanks, I have predictable network interface turned off on the pi, so eth0 is the name of the network interface.


    root@xxxx:~# ip a

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

    valid_lft forever preferred_lft forever

    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

    link/ether b8:27:eb:0f:72:83 brd ff:ff:ff:ff:ff:ff

    inet 192.168.1.25/24 brd 192.168.1.255 scope global eth0

    valid_lft forever preferred_lft forever

    inet6 fe80::ba27:ebff:fe0f:7283/64 scope link

    valid_lft forever preferred_lft forever

    3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000

    link/ether b8:27:eb:5a:27:d6 brd ff:ff:ff:ff:ff:ff

    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default

    link/ether 02:42:cd:2b:fc:0c brd ff:ff:ff:ff:ff:ff

    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0

    valid_lft forever preferred_lft forever


    What other choice is there?


    I can create the macvlan network at the command line without error. What am I missing?

  • So what exactly is your issue? You can't reach the containers anymore?


    Greetings

    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • Well, most of the containers are present and healthy - (portainer), mosquitto, domoticz & minidlna. The other one, pihole is in a start - fail - restart cycle. None can be reached via the macvlan I created. The assigned ip addresses don't show in a network scan and, of course, you can't ping them.


    If I use a bridge network with a container, things work - but you have port conflicts to deal with. Hence, macvlan. Or is there a better way?


    If, on a different SD card in the Pi, same hardware - same OS and OMV not present, I install docker, portainer and the above listed containers and networks - everything works as expected.


    So the issue for me is that I can't get macvlan to work with OMV present and it did before I changed the OS on the PI.


    Thanks,

  • Can you get a log of the pihole container?


    Greetings

    David


  • It would look like this ...

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] 01-resolver-resolv: applying...
    [fix-attrs.d] 01-resolver-resolv: exited 0.
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 20-start.sh: executing...
     ::: Starting docker specific checks & setup for docker pihole/pihole
    WARNING Misconfigured DNS in /etc/resolv.conf: Two DNS servers are recommended, 127.0.0.1 and any backup server
    WARNING Misconfigured DNS in /etc/resolv.conf: Primary DNS should be 127.0.0.1 (found 127.0.0.11)

    nameserver 127.0.0.11
    options ndots:0
     [i] Update local cache of available packages... [✓] Update local cache of available packages
     [i] Existing PHP installation detected : PHP version 7.0.33-0+deb9u8

     [i] Installing configs from /etc/.pihole...
     [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
     [i] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf... [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
    chown: cannot access '': No such file or directory
    chmod: cannot access '': No such file or directory
    chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory
    Setting password:xxx
    + pihole -a -p xxx xxx
     [✓] New password set
    Existing DNS servers used (unset & unset)
    DNSMasq binding to default interface: eth0
    Added ENV to php:
     "ServerIP" => "192.168.1.25",
     "VIRTUAL_HOST" => "192.168.1.25",
     "PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
     "ServerIP" => "0.0.0.0",
     "VIRTUAL_HOST" => "0.0.0.0",
    Using IPv4 and IPv6
    ::: setup_blocklists now setting default blocklists up:
    ::: TIP: Use a docker volume for /etc/pihole/adlists.list if you want to customize for first boot
    ::: Blocklists (/etc/pihole/adlists.list) now set to:
    https://raw.githubusercontent.…nBlack/hosts/master/hosts
    https://mirror1.malwaredomains.com/files/justdomains
    ::: Testing pihole-FTL DNS:
    dnsmasq: bad option at line 1 of /etc/dnsmasq.d/adlists.list
    [cont-init.d] 20-start.sh: exited 1.
    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] waiting for services.
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.
    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] 01-resolver-resolv: applying...
    [fix-attrs.d] 01-resolver-resolv: exited 0.
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 20-start.sh: executing...
     ::: Starting docker specific checks & setup for docker pihole/pihole
    WARNING Misconfigured DNS in /etc/resolv.conf: Two DNS servers are recommended, 127.0.0.1 and any backup server
    WARNING Misconfigured DNS in /etc/resolv.conf: Primary DNS should be 127.0.0.1 (found 127.0.0.11)

    nameserver 127.0.0.11
    options ndots:0

  • That looks mostly fine to me.


    Can you ping the pihole IP from a different Client in your network (you can't ping it from your NAS when you use a MACVLAN Interface unless you have another MACVLAN Interface to connect to it)?


    You can also try to ping from within the container, just jump into it by executing docker exec -it pihole /bin/bash and then pinging from there to a client in your network, or even something outside of your network like 1.1.1.1.


    Greetings

    David


  • A ping from a Win10 PC:


    Reply from 192.168.1.106: Destination host unreachable.


    A ping from inside the container:


    root@Media5:~# docker exec -it pihole /bin/bash

    root@pihole:/# ping 1.1.1.1

    PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.

    From 192.168.1.200 icmp_seq=1 Destination Host Unreachable


    And now here is a revelation - If a macvlan is created with portainer, a ping to the IP is successful and pihole starts and runs without error!


    I have been creating networks and containers at the CL. Networks and containers created at the CL are visible in portainer, the containers are fine but not the macvlan network.


    So now I have a working OMV install, but don't know how to create a usable docker network at the CL.


    docker network create -d macvlan -o parent=eth0.1 \
      --subnet 192.168.1.0/24 \
      --gateway 192.168.1.1 \
      --ip-range 192.168.1.192/27 \
      macvlan


    Thanks for the help...

  • parent=eth0.1

    Do you use a virtual network interface? Or why do you put eth0.1 there?


    Greetings

    David

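Added example, not part of the original thread: Docker's macvlan driver treats a dotted parent name such as eth0.1 as an 802.1Q sub-interface of eth0 (VLAN ID 1), which is what the question above is probing. The sketch below audits `docker network inspect` output for that and for addressing mistakes; the sample JSON is constructed from the command in the post, and the function name `audit_macvlan` is hypothetical.

```python
import ipaddress
import json
import re

# Constructed sample in the shape of `docker network inspect macvlan`,
# using the values from the `docker network create` command in the thread.
SAMPLE_INSPECT = json.dumps([{
    "Name": "macvlan",
    "Driver": "macvlan",
    "IPAM": {"Config": [{"Subnet": "192.168.1.0/24",
                         "IPRange": "192.168.1.192/27",
                         "Gateway": "192.168.1.1"}]},
    "Options": {"parent": "eth0.1"},
}])


def audit_macvlan(inspect_json, host_addr):
    """Return (network, finding) tuples for every macvlan network in the JSON."""
    findings = []
    host_ip = ipaddress.ip_address(host_addr)
    for net in json.loads(inspect_json):
        if net.get("Driver") != "macvlan":
            continue
        name = net["Name"]
        parent = (net.get("Options") or {}).get("parent", "")
        # "<iface>.<id>" means a VLAN sub-interface: container frames are tagged.
        m = re.fullmatch(r"(.+)\.(\d+)", parent)
        if m:
            findings.append((name, f"parent {parent} is an 802.1Q sub-interface: "
                                   f"frames leave {m.group(1)} tagged with VLAN {m.group(2)}"))
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            subnet = ipaddress.ip_network(cfg["Subnet"])
            if "Gateway" in cfg and ipaddress.ip_address(cfg["Gateway"]) not in subnet:
                findings.append((name, f"gateway {cfg['Gateway']} is outside {subnet}"))
            if "IPRange" in cfg:
                rng = ipaddress.ip_network(cfg["IPRange"])
                if not rng.subnet_of(subnet):
                    findings.append((name, f"ip-range {rng} is outside {subnet}"))
                if host_ip in rng:
                    findings.append((name, f"host address {host_ip} falls inside ip-range {rng}"))
    return findings


if __name__ == "__main__":
    # 192.168.1.25 is the host's eth0 address from the `ip a` output in the thread.
    for name, finding in audit_macvlan(SAMPLE_INSPECT, "192.168.1.25"):
        print(f"{name}: {finding}")
```

On a live host the input would come from `docker network inspect <name>`; a network whose parent is plain eth0 sends untagged frames and produces no VLAN finding.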
