yocto.lists.yoctoproject.org archive mirror
From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: crawford.benjamin15@gmail.com
Cc: yocto <yocto@lists.yoctoproject.org>
Subject: Re: [yocto] docker fragment missing conntrack and netfilter entries? #meta-virtualization
Date: Thu, 14 Oct 2021 15:39:48 -0400
Message-ID: <CADkTA4Mc9c=RVbxNCJRroO1BhVF_2WnQDjmROGkALsBUg4BtgQ@mail.gmail.com>
In-Reply-To: <i1rt.1634228602998685993.yIPa@lists.yoctoproject.org>

On Thu, Oct 14, 2021 at 12:23 PM <crawford.benjamin15@gmail.com> wrote:
>
> Hi,
>
> I have just completed a bringup of Poky on the ODROID N2+ platform, but noticed that Docker failed to start, complaining that it could not load the "nf_conntrack_netlink" module.
> After checking docker.cfg, I noticed that a few configuration options I expected were missing.
>
> Shouldn't the following be added: (?)
>
> CONFIG_NETFILTER_NETLINK=m
> CONFIG_NF_CT_NETLINK=m
>
> CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m

FYI: you want the meta-virtualization mailing list, not the main yocto
one for questions like this.

There's a balancing act with the fragments: they are as
non-overlapping as possible, they often support a wide range of kernel
versions and kernel providers, so there are sometimes more, or fewer,
options than you'd expect in a fragment.

In particular the fragments in meta-virtualization are changing right
now, and are being unified in the kernel-cache repository (that allows
the duplicated options to be rationalized).

So depending on which docker.cfg you are looking at, you'd either send
a patch to the linux-yocto mailing list, or the meta-virtualization
list.

In particular, the netfilter fragment is what is expected to provide
many of the needed options, and that's what has been happening with
the out of box docker, lxc, podman, k8s, etc, configurations tested in
meta-virt. The docker.scc fragment will start pulling that in
automatically as part of the de-duplication effort I hinted at above.

But there's no harm in sending a patch, I'll figure out how/where it
applies as I go through those efforts.

Cheers,

Bruce






>
> Thanks,
> Ben
>
>


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
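
Added example (not part of the original thread, and not meta-virtualization or linux-yocto code): one way to check whether the options a fragment asks for actually landed in the final kernel .config, which is what matters when fragments are split and de-duplicated as described above. The file names and both sample files are constructed; the conntrack netlink symbol is written as CONFIG_NF_CT_NETLINK, the Kconfig name that builds the nf_conntrack_netlink module.

```shell
#!/bin/sh
# Report fragment options that the final kernel .config does not satisfy.
# A requested "=m" counts as satisfied by "=m" or "=y" (built-in also
# provides the feature); every other value must match exactly.

# check_fragment FRAGMENT CONFIG -> prints one unsatisfied symbol per line
check_fragment() {
    fragment=$1
    config=$2
    # Only "CONFIG_FOO=value" lines are requests; comments are skipped.
    grep -E '^CONFIG_[A-Za-z0-9_]+=' "$fragment" |
    while IFS='=' read -r sym want; do
        # Value in the final config; empty if absent or "is not set".
        have=$(sed -n "s/^${sym}=//p" "$config" | head -n 1)
        case "$want:$have" in
            m:m|m:y) ;;   # module requested, module or built-in present
            *) [ "$want" = "$have" ] || echo "$sym" ;;
        esac
    done
}

# Constructed sample inputs: a fragment with the three options raised in
# the thread, and a final .config in which only one of them is satisfied.
write_samples() {
    dir=$1
    cat > "$dir/docker-extra.cfg" <<'EOF'
# options proposed in the thread (hypothetical fragment file)
CONFIG_NETFILTER_NETLINK=m
CONFIG_NF_CT_NETLINK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
EOF
    cat > "$dir/final.config" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_NETLINK=y
# CONFIG_NF_CT_NETLINK is not set
CONFIG_NF_CONNTRACK=m
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_fragment "$tmp/docker-extra.cfg" "$tmp/final.config"
rm -rf "$tmp"
```

On a real build, point the second argument at the .config in the kernel build directory rather than at the fragment sources, since that file is the result after all fragments are merged.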

