From: David Gibson
Date: Wed, 18 Sep 2024 12:14:10 +1000
To: "Castelli, Anton"
CC: "passt-user@passt.top"
Subject: Re: Rootless Podman with VRRP
List-Id: "For passt users: support, questions and answers"

On Wed, Sep 18, 2024 at 10:58:44AM +1000, David Gibson wrote:
> On Tue, Sep 17, 2024 at 03:22:04PM +0000, Castelli, Anton wrote:
> > David,
> >
> > Thank you very much for the quick reply!
> >
> > I tried querying the DNS with TCP and it worked correctly, using the
> > VRRP address in the reply packet. Unfortunately, UDP is the default
> > for DNS queries.
>
> Right.
>
> > Thanks for the advice about the options and the workaround. I had
> > just copied them from the Podman docs and modified them slightly. I
> > tried the '--publish 10.1.1.1:53:53/udp --publish
> > 10.1.1.2:53:53/udp' options, and it worked great on the primary
> > server that had the active VRRP address. I was able to query both
> > the regular and VRRP addresses and get a response. Unfortunately,
> > when I tried the same on the secondary server that doesn't have the
> > VRRP address, it refused to bind to the non-existent '10.1.1.2'
> > address.
>
> Ah, right, of course. I was just thinking about the primary, and
> didn't consider how the secondaries would also need to listen on that
> address at some future time.
>
> > I tried with both the publish options and got an error (10.1.1.3 is
> > the regular IP of the secondary server).
> >
> > --publish 10.1.1.3:53:53/udp --publish 10.1.1.2:53:53/udp
> >
> > Error: unable to start container "XXXX": pasta failed with exit code 1:
> > Altering mapping of already mapped port number: 10.1.1.2/53-53:53-53
>
> This looks like a different bug - although one that I think will be
> fixed by some work that's pretty close to the top of my queue. It's
> not all that relevant for your case right now, because..

I just had a closer look at the code which produces this error. The
error is not really correct here - it is a bug. However, it's issued
as only a warning and I think this shouldn't actually break anything
for your situation (assuming we can work around the other issues).

-- 
David Gibson (he or they)      | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you, not the other way
                               | around.
http://www.ozlabs.org/~dgibson