From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202408 header.b=op55hJ23; dkim-atps=neutral Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id 8D2475A004E for ; Thu, 19 Sep 2024 04:25:21 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202408; t=1726712717; bh=Ccpcj2OSYeOMnd20IUSAC4HXfQzxBNYqTZsYppteipo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=op55hJ23VqqsNIx+9MuWoxjifvxJgIXV/M5QTwgDnsHOI0lZoaWBxlPVa0slwEJ2R 72T/aII1XDFcG2xXCkXvHA/Wb54cQlcKqFzv5nAUtTYO12K/sXOvWdulMuwZjRt6cE jZc0Bwa0QjxxrN4TE2mbpE4D+4OGrgWpF/nLR02Y6Ne1VunrxtTgnQqaeA70a8/ATU rRWe7vjg1OHDVH+WwfUQ5xK8CDe/DHVeiVX7/x7TRbjyN+4VnSgJ/VkOMo88MIfFHM zwSEcUx/s2ZhT37aDYWdPRULRvrDMXiQ+wIEv843YHkZRJIfo25nMBzEw/SuzKZUPH mKsb/k2+JGjGQ== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4X8K9n1dYRz4xQb; Thu, 19 Sep 2024 12:25:17 +1000 (AEST) Date: Thu, 19 Sep 2024 12:15:51 +1000 From: David Gibson To: "Castelli, Anton" Subject: Re: Rootless Podman with VRRP Message-ID: References: <172649928722.151934.9874324737582181440@maja> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="zPf0M5giwoUeLA9E" Content-Disposition: inline In-Reply-To: Message-ID-Hash: YCVAM7T2X6BVROZXWVMGGEPRFDM6N3V7 X-Message-ID-Hash: YCVAM7T2X6BVROZXWVMGGEPRFDM6N3V7 X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: "passt-user@passt.top" X-Mailman-Version: 3.3.8 Precedence: list List-Id: "For passt users: support, questions and answers" Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --zPf0M5giwoUeLA9E Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Sep 18, 2024 at 07:29:09PM +0000, Castelli, Anton wrote: > David, >=20 > Yes, that one instance was a mistake when I was anonymizing the > IPs. Sorry for the confusion. >=20 > Following your suggestion, I was able to set the sysctl value > 'net.ipv4.ip_nonlocal_bind=3D1'. After that, I was able to > successfully start the rootless container on the secondary server > (that did not have the VRRP IP). You were correct that pasta emitted > a warning, but it started anyway. Ok. > With this workaround, I can now successfully start rootless > containers on both the primary and secondary servers. The primary > server responds to UDP queries on both its main IP address and the > VRRP IP address. I tried a manual failover to the secondary server, > which then also responds on the VRRP IP address in addition to its > main IP address. Everything appears to be working as intended. Superb! > Thank you so much for taking the time to help find a workaround to > this issue! I'll be updating the bug report with the details on the > workaround in case anyone else runs into the issue. Thanks for that. We have a _lot_ of edge cases of varying obscurity to sort out eventually; recording the details so they're not forgotten is super helpful. --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --zPf0M5giwoUeLA9E Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmbriUMACgkQzQJF27ox 2GfdlBAAn7mLHaA/eQyY0NiEkEC54XQBCXu6EJFrF4izm7ALuLEyswhopao+GYcz 1i1AeHvIrIiTlVXU4Uh6VuQSIKCanN6XdcBf0sYwqFtuRycxE940u+vuyyl7yGWg 4xIg0JI8mA8ZUBNRF6oSQE+UJy6LI1ODcwA/1CBENyNxtIyyaLxubzV8i5/6jgP8 /uMBNM8+Y1xUeYcn4t6eKhGF75FV80BcwoaS4UHXl5HD1iYZ1FYvcyfHh8CCHPaR ay8ae/k+mkZxZl9grkuDS+IxbGbicSxje02+sj9Svp1eaMS79k+TR5EH6HeChCRL 5gzaP4SMPrL6lvxFTYRB8+99wh8RAPfycZZ57pAdvmJ5UFbmi6n7y1FIBR13F/oN uLNh6DnsxIt/Gq3hNXL59VncOI8R1cAmp5FMnrfckbyBiYPoWFZvPFnpzQP8FAAL Uev/6gBAmZddv+KDqw7qwvMnASKrQ4AWWzJNER2LFJnd0DVoxMHnHzdOrNLSirMo R68iws3LZ/tfEqjlMpAzxPR/37x+c1XQdpgxrTIS8AmG1O6Ltl76kmkO92vtA11U N1u0T2DPR66SelL/F3KfExjKtkSjzhS0KH5B1sOWyRqTDMvMu5aokMn9jTXS3nn4 Km8GEq8ApwOz3WeL0oD7UfwyTwNjihEIHZ8EyRTXA5Rma9eP7r4= =VtV5 -----END PGP SIGNATURE----- --zPf0M5giwoUeLA9E--