Is this a BUG REPORT or FEATURE REQUEST?
/kind bug
Description
When using docker-compose and podman, podman fails to bring up containers trying to port map ports below 60. Additionally, when trying to map port 53 on the host, it seems to conflict with the dnsmasq process podman spawns.
Steps to reproduce the issue:
Parsing Error
- Install podman 3.0 as root to utilize docker-compose features
- Make sure to disable any dns(port 53) service running on OS
- Using the docker-compose.yml file below issue: docker-compose up
Port 53 Conflict
- Install podman 3.0 as root to utilize docker-compose features
- Make sure to disable any dns(port 53) service running on OS
- Edit the docker-compose.yml file and change - 53:53 to - 53:XXXX, where XXXX is anything above 59. Example: - 53:60
- Then issue the following: docker-compose up
Describe the results you received:
Using the unmodified docker-compose.yml file below will generate the parsing error:
root@vm-307:/home/crowley# docker-compose up
Creating network "crowley_default" with the default driver
Creating crowley_admin_1 ...
Creating crowley_pdns_1 ... error
Creating crowley_admin_1 ... done
ERROR: for crowley_pdns_1 Cannot create container for service pdns: make cli opts(): strconv.Atoi: parsing "": invalid syntax
From my testing, if I change the port mapping, - 53:53, to be anything above 59 for the container port, it passes the parsing error.
Changing the port mapping to - 53:60 allows the docker-compose up to continue but fail with this error message:
root@vm-307:/home/crowley# docker-compose up
Creating network "crowley_default" with the default driver
Creating crowley_admin_1 ...
Creating crowley_pdns_1 ... error
Creating crowley_admin_1 ... done
ERROR: for crowley_pdns_1 error preparing container ac8f5caddef9e28d43fd2f8b41d0c96845765c623b1f7fe0fef3b6692efa5910 for attach: cannot listen on the TCP port: listen tcp4 :53: bind: address already in use
ERROR: for pdns error preparing container ac8f5caddef9e28d43fd2f8b41d0c96845765c623b1f7fe0fef3b6692efa5910 for attach: cannot listen on the TCP port: listen tcp4 :53: bind: address already in use
ERROR: Encountered errors while bringing up the project.
Just to make sure I am not crazy, I bring down the containers with docker-compose down, then check my ports using sudo lsof -i -P -n, which results in:
root@vm-307:/home/crowley# sudo lsof -i -P -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 630 root 3u IPv4 32734 0t0 TCP *:22 (LISTEN)
sshd 630 root 4u IPv6 32736 0t0 TCP *:22 (LISTEN)
sshd 668 root 4u IPv4 32763 0t0 TCP X.X.X.X:22->X.X.X.X:55832 (ESTABLISHED)
sshd 695 crowley 4u IPv4 32763 0t0 TCP X.X.X.X:22->X.X.X.X:55832 (ESTABLISHED)
Please note X.X.X.X is just me censoring my IPs. As you can see, I do not have any services listening on port 53.
Next I issue docker-compose up again. I see the same port conflict issue. Then I issue sudo lsof -i -P -n to check my services before bringing down the containers.
root@vm-307:/home/crowley# sudo lsof -i -P -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 630 root 3u IPv4 32734 0t0 TCP *:22 (LISTEN)
sshd 630 root 4u IPv6 32736 0t0 TCP *:22 (LISTEN)
sshd 668 root 4u IPv4 32763 0t0 TCP X.X.X.X->X.X.X.X:55832 (ESTABLISHED)
sshd 695 crowley 4u IPv4 32763 0t0 TCP X.X.X.X:22->X.X.X.X:55832 (ESTABLISHED)
dnsmasq 16060 root 4u IPv4 112910 0t0 UDP 10.89.0.1:53
dnsmasq 16060 root 5u IPv4 112911 0t0 TCP 10.89.0.1:53 (LISTEN)
dnsmasq 16060 root 10u IPv6 116160 0t0 UDP [fe80::9cc6:14ff:fe16:3953]:53
dnsmasq 16060 root 11u IPv6 116161 0t0 TCP [fe80::9cc6:14ff:fe16:3953]:53 (LISTEN)
conmon 16062 root 5u IPv4 111869 0t0 TCP *:9191 (LISTEN)
As you can see, podman has spawned a dnsmasq process. I think this is to allow DNS between the containers, but it seems to conflict if you want to run/port map port 53.
Describe the results you expected:
I expect not to hit that parsing error. I am not sure why podman/docker-compose is hitting that error. When running that exact same docker-compose.yml via docker I have no issues.
I also expect not to hit port 53 conflicts. I am not sure how podman is handling DNS between the containers, but the implementation limits users' ability to host different services.
Additional information you deem important (e.g. issue happens only occasionally):
N/A
Output of podman version:
Output of podman info --debug:
host:
  arch: amd64
  buildahVersion: 1.19.2
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: 'conmon: /usr/libexec/podman/conmon'
    path: /usr/libexec/podman/conmon
    version: 'conmon version 2.0.26, commit: '
  cpus: 8
  distribution:
    distribution: ubuntu
    version: "20.04"
  eventLogger: journald
  hostname: vm-307
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.4.0-28-generic
  linkmode: dynamic
  memFree: 15873085440
  memTotal: 16762957824
  ociRuntime:
    name: crun
    package: 'crun: /usr/bin/crun'
    path: /usr/bin/crun
    version: |-
      crun version 0.17.6-58ef-dirty
      commit: fd582c529489c0738e7039cbc036781d1d039014
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: true
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    selinuxEnabled: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 1023406080
  swapTotal: 1023406080
  uptime: 1h 11m 7.15s (Approximately 0.04 days)
registries:
  search:
  - docker.io
  - quay.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 4
    paused: 0
    running: 0
    stopped: 4
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageStore:
    number: 4
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 3.0.0
  Built: 0
  BuiltTime: Wed Dec 31 19:00:00 1969
  GitCommit: ""
  GoVersion: go1.15.2
  OsArch: linux/amd64
  Version: 3.0.0
Package info (e.g. output of rpm -q podman or apt list podman):
Listing... Done
podman/unknown,now 100:3.0.0-4 amd64 [installed]
podman/unknown 100:3.0.0-4 arm64
podman/unknown 100:3.0.0-4 armhf
podman/unknown 100:3.0.0-4 s390x
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
Running on amd64 hardware. The server is a VM inside of VMware. Also running on Ubuntu 20.04.
docker-compose.yml
version: "3"
services:
  pdns:
    image: powerdns/pdns-auth-master:latest
    ports:
      - 53:53
      - 8081:8081
  admin:
    image: ngoduykhanh/powerdns-admin:latest
    ports:
      - 9191:80
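
The lsof check from the report, turned into a repeatable filter (an added example, not part of the original issue or of podman). The `listen tcp4 :53` in the error is a bind on all IPv4 addresses, and on Linux that fails while any IPv4 listener already holds the port, including one bound only to 10.89.0.1. The function names and the embedded sample, copied from the second lsof listing above, are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the issue): list IPv4 sockets that hold a host port.

# Lines copied from the second `lsof -i -P -n` listing in the report.
sample_lsof() {
  cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 630 root 3u IPv4 32734 0t0 TCP *:22 (LISTEN)
sshd 630 root 4u IPv6 32736 0t0 TCP *:22 (LISTEN)
sshd 695 crowley 4u IPv4 32763 0t0 TCP X.X.X.X:22->X.X.X.X:55832 (ESTABLISHED)
dnsmasq 16060 root 4u IPv4 112910 0t0 UDP 10.89.0.1:53
dnsmasq 16060 root 5u IPv4 112911 0t0 TCP 10.89.0.1:53 (LISTEN)
dnsmasq 16060 root 10u IPv6 116160 0t0 UDP [fe80::9cc6:14ff:fe16:3953]:53
dnsmasq 16060 root 11u IPv6 116161 0t0 TCP [fe80::9cc6:14ff:fe16:3953]:53 (LISTEN)
conmon 16062 root 5u IPv4 111869 0t0 TCP *:9191 (LISTEN)
EOF
}

# port_conflicts PROTO PORT
# Reads `lsof -i -P -n` output on stdin and prints "COMMAND PID ADDRESS" for
# every IPv4 socket on PORT. For TCP only listeners count; established
# connections do not block a new bind.
port_conflicts() {
  awk -v proto="$1" -v port="$2" '
    $5 != "IPv4" || $8 != proto { next }          # also skips the header row
    proto == "TCP" && $NF != "(LISTEN)" { next }
    {
      n = split($9, parts, ":")                   # port is the last field
      if (parts[n] == port) print $1, $2, $9
    }'
}

# Walk the TCP host ports published by the compose file in the report.
check_compose_ports() {
  for p in 53 8081 9191; do
    hit=$(sample_lsof | port_conflicts TCP "$p")
    [ -n "$hit" ] && echo "tcp/$p held by: $hit"
  done
  return 0
}

check_compose_ports
```

On a live host, pipe `lsof -i -P -n` into `port_conflicts` instead of `sample_lsof`. The conmon entry on 9191 is the admin container's own published port, which came up successfully in the report.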