Skip to content

virtualisation.oci-containers option results in Error: failed to set the loopback adapter up: operation not permitted #30

Open
Open
virtualisation.oci-containers option results in Error: failed to set the loopback adapter up: operation not permitted#30
@protob

Description

@protob
protob
opened on Mar 9, 2023

Hello,

Is it possible to use virtualisation.oci-containers.containers in extra-container?
I was trying to move my working setup of Hasura and Postres from configuration.nix to extra-container

Here is my config hasura.nix

{ config, pkgs, ... }:
let
  app = "hasura";
in
{
  containers.hasura = {
    config = {

      systemd.services.podman-create-pod = {
        serviceConfig.Type = "oneshot";
        wantedBy = [ "multi-user.target" ];
        script = ''
          ${pkgs.podman}/bin/podman pod exists hasura-pg || \

             ${pkgs.podman}/bin/podman pod create -n hasura-pg -p '127.0.0.1:8080:8080' --privileged 

        '';
      };

      virtualisation = {
        podman = {
          enable = true;
          # dockerCompat = true;
        };
        oci-containers = {
          backend = "podman";
        };
      };

      virtualisation.oci-containers.containers = {
        pg2 = {
          autoStart = true;
          image = "postgres:latest";
          # pod = "hasura-pod";
          # dependsOn = [ "podman-create-pod-postgres" ];
          environment = {
            POSTGRES_PASSWORD = "password";
            POSTGRES_USER = "postgres";
            POSTGRES_DB = "postgres";
          };
          volumes = [ "postgresql:/var/lib/postgresql/data" ];
        };
        hasura = {
          autoStart = true;
          image = "hasura/graphql-engine:latest";
          # pod = "hasura-pod";
          dependsOn = [ "pg2" ];
          ports = [ "8080:8080" ];
          environment = {
            HASURA_GRAPHQL_DATABASE_URL = "postgres://postgres:password@10.88.0.13:5432/postgres";
            HASURA_GRAPHQL_ENABLE_CONSOLE = "true";
          };
        };

      };

    };
  };
}

I run it with:

sudo extra-container create --start <<EOF
$(cat hasura.nix)
EOF

When i login to the container hasura with sudo extra-container root-login hasura

The command

 journalctl -u podman-hasura

logs:

[root@hasura:~]# journalctl -u podman-hasura
Mar 09 16:04:43 hasura systemd[1]: Starting podman-hasura.service...
Mar 09 16:04:43 hasura systemd[1]: Started podman-hasura.service.
Mar 09 16:04:43 hasura podman-hasura-start[324]: Resolving "hasura/graphql-engine" using unqualified-search registries (/etc/containers/registries.conf)
Mar 09 16:04:46 hasura podman-hasura-start[324]: Copying blob sha256:141b63796c223137e9ceed83507c78dd07c1e21b662c0dc45ef685345ad1e3ca
Mar 09 16:04:56 hasura podman-hasura-start[324]: Copying config sha256:c7e4959a8d1d0d105e07ef57bedc06dc061202942a3264e838188408b62dbee4
Mar 09 16:04:56 hasura podman-hasura-start[324]: Writing manifest to image destination
Mar 09 16:04:56 hasura podman-hasura-start[324]: Storing signatures
Mar 09 16:05:05 hasura podman-hasura-start[324]: Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.
Mar 09 16:05:05 hasura podman[324]: 2023-03-09 16:04:43.580866159 +0100 CET m=+0.030200735 image pull  hasura/graphql-engine:latest
Mar 09 16:05:05 hasura podman[324]: 
Mar 09 16:05:05 hasura podman[324]: 2023-03-09 16:05:05.49684873 +0100 CET m=+21.946183305 container create 9608678a868dcf47a36c110aa2f402bddb4e3d6a2b20e77eadca889dec510233 (ima>
Mar 09 16:05:06 hasura podman[324]: 2023-03-09 16:05:06.166474247 +0100 CET m=+22.615808819 container remove 9608678a868dcf47a36c110aa2f402bddb4e3d6a2b20e77eadca889dec510233 (im>
Mar 09 16:05:06 hasura podman-hasura-start[324]: Error: failed to set the loopback adapter up: operation not permitted
Mar 09 16:05:06 hasura systemd[1]: podman-hasura.service: Main process exited, code=exited, status=126/n/a
Mar 09 16:05:07 hasura systemd[1]: podman-hasura.service: Failed with result 'exit-code'.
Mar 09 16:05:07 hasura systemd[1]: podman-hasura.service: Scheduled restart job, restart counter is at 1.
Mar 09 16:05:07 hasura systemd[1]: Stopped podman-hasura.service.
Mar 09 16:05:07 hasura systemd[1]: Starting podman-hasura.service...
Mar 09 16:05:08 hasura systemd[1]: Started podman-hasura.service.
Mar 09 16:05:08 hasura podman-hasura-start[688]: Your kernel does not support pids limit capabilities or the cgroup is not mounted. PIDs limit discarded.
Mar 09 16:05:08 hasura podman[688]: 2023-03-09 16:05:08.822942237 +0100 CET m=+0.634314512 image pull  hasura/graphql-engine:latest
Mar 09 16:05:09 hasura podman[688]: 
Mar 09 16:05:09 hasura podman[688]: 2023-03-09 16:05:09.506433369 +0100 CET m=+1.317805647 container create feb76f728323487104f2b074a6326c6e4d3dbd3f586e55c3d68e59895deebbfd (ima>
Mar 09 16:05:09 hasura podman[688]: 2023-03-09 16:05:09.55648194 +0100 CET m=+1.367854214 container remove feb76f728323487104f2b074a6326c6e4d3dbd3f586e55c3d68e59895deebbfd (imag>
Mar 09 16:05:09 hasura podman-hasura-start[688]: Error: failed to set the loopback adapter up: operation not permitted

I tried also other .oci-containers. and i got this error. Is it fixable or .oci-containers. are just not supported?
Thanks in advance.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions