* docker fragment missing conntrack and netfilter entries? #meta-virtualization @ 2021-10-14 16:23 crawford.benjamin15 2021-10-14 16:37 ` [yocto] " Khem Raj 2021-10-14 19:39 ` Bruce Ashfield 0 siblings, 2 replies; 3+ messages in thread From: crawford.benjamin15 @ 2021-10-14 16:23 UTC (permalink / raw) To: yocto [-- Attachment #1: Type: text/plain, Size: 435 bytes --] Hi, I have just completed a bringup of Poky on the ODROID N2+ platform, but noticed that Docker failed to start, complaining that it could not load the "nf_conntrack_netlink" module. After checking docker.cfg, I noticed that a few configuration options I expected were missing. Shouldn't the following be added: (?) CONFIG_NETFILTER_NETLINK=m CONFIG_NT_CT_NETLINK=m CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m Thanks, Ben [-- Attachment #2: Type: text/html, Size: 3750 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [yocto] docker fragment missing conntrack and netfilter entries? #meta-virtualization 2021-10-14 16:23 docker fragment missing conntrack and netfilter entries? #meta-virtualization crawford.benjamin15 @ 2021-10-14 16:37 ` Khem Raj 2021-10-14 19:39 ` Bruce Ashfield 1 sibling, 0 replies; 3+ messages in thread From: Khem Raj @ 2021-10-14 16:37 UTC (permalink / raw) To: crawford.benjamin15, yocto On 10/14/21 9:23 AM, crawford.benjamin15@gmail.com wrote: > Hi, > > I have just completed a bringup of Poky on the ODROID N2+ platform, but > noticed that Docker failed to start, complaining that it could not load > the "nf_conntrack_netlink" module. > After checking docker.cfg, I noticed that a few configuration options I > expected were missing. > > Shouldn't the following be added: (?) > > |CONFIG_NETFILTER_NETLINK=m| > |CONFIG_NT_CT_NETLINK=m| > > |CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m > seems fine. Please send a patch for enhancing it via docker.cfg > Thanks, > Ben| > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > You automatically follow any topics you start or reply to. > View/Reply Online (#55074): https://lists.yoctoproject.org/g/yocto/message/55074 > Mute This Topic: https://lists.yoctoproject.org/mt/86318266/1997914 > Mute #meta-virtualization:https://lists.yoctoproject.org/g/yocto/mutehashtag/meta-virtualization > Group Owner: yocto+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [yocto] docker fragment missing conntrack and netfilter entries? #meta-virtualization 2021-10-14 16:23 docker fragment missing conntrack and netfilter entries? #meta-virtualization crawford.benjamin15 2021-10-14 16:37 ` [yocto] " Khem Raj @ 2021-10-14 19:39 ` Bruce Ashfield 1 sibling, 0 replies; 3+ messages in thread From: Bruce Ashfield @ 2021-10-14 19:39 UTC (permalink / raw) To: crawford.benjamin15; +Cc: yocto On Thu, Oct 14, 2021 at 12:23 PM <crawford.benjamin15@gmail.com> wrote: > > Hi, > > I have just completed a bringup of Poky on the ODROID N2+ platform, but noticed that Docker failed to start, complaining that it could not load the "nf_conntrack_netlink" module. > After checking docker.cfg, I noticed that a few configuration options I expected were missing. > > Shouldn't the following be added: (?) > > CONFIG_NETFILTER_NETLINK=m > CONFIG_NT_CT_NETLINK=m > > CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m FYI: you want the meta-virtualization mailing list, not the main yocto one for questions like this. There's a balancing act with the fragments: they are as non-overlapping as possible, they often support a wide range of kernel versions and kernel providers, so there are sometimes more, or less options than you'd expect in a fragment. In particular the fragments in meta-virtualization are changing right now, and are being unified in the kernel-cache repository (that allows the duplicated options to be rationalized). So depending on which docker.cfg you are looking at, you'd either send a patch to the linux-yocto mailing list, or the meta-virtualization list. In particular, the netfilter fragment is what is expected to provide many of the needed options, and that's what has been happening with the out of box docker, lxc, podman, k8s, etc, configurations tested in meta-virt. The docker.scc fragment will start pulling that in automatically as part of the de-duplication effort I hinted at above. But there's no harm in sending a patch, I'll figure out how/where it applies as I go through those efforts. Cheers, Bruce > > Thanks, > Ben > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#55074): https://lists.yoctoproject.org/g/yocto/message/55074 > Mute This Topic: https://lists.yoctoproject.org/mt/86318266/1050810 > Mute #meta-virtualization:https://lists.yoctoproject.org/g/yocto/mutehashtag/meta-virtualization > Group Owner: yocto+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [bruce.ashfield@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-10-14 19:40 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-10-14 16:23 docker fragment missing conntrack and netfilter entries? #meta-virtualization crawford.benjamin15 2021-10-14 16:37 ` [yocto] " Khem Raj 2021-10-14 19:39 ` Bruce Ashfield
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).