NetworkManager working on single app, broken when moving to Multicontainer

rcullen · November 30, 2018, 4:39am

I recently moved a single container app to a multicontainer app and Network Manager is no longer working

root@fincm3-xxxxxx:/usr/src/app# nmcli
Error: Could not create NMClient object: Could not connect: No such file or directory.

Here is my docker-compose.yml

version: '2'
volumes:
    resin-data:
services:
  perfmon:
    build: ./perfmon
    network_mode: host
    privileged: true
    restart: always
    expose:
      - "80"
    volumes:
      - 'resin-data:/data'

Based on https://www.balena.io/docs/reference/OS/network/2.x/#changing-the-network-at-runtime I already had the following lines in ./perfmon/Dockerfile.template. This was working in a single app container:

ENV INITSYSTEM on
ENV DBUS_SYSTEM_BUS_ADDRESS=unix:path=/host/run/dbus/system_bus_socket
RUN apt-get update && apt-get install -y network-manager && systemctl mask NetworkManager.service

rcullen · November 30, 2018, 5:41am

I have had a few devices drop offline after pushing an update and they only way to get them back online is by power cycling them.

I have a feeling that by adding:

network_mode: host

I could delete:

ENV DBUS_SYSTEM_BUS_ADDRESS=unix:path=/host/run/dbus/system_bus_socket
RUN systemctl mask NetworkManager.service

But am not sure. Ideas/feedback welcome…

majorz · November 30, 2018, 12:44pm

Hi @rcullen ,

Can you please share more details about what network settings you would like to modify at runtime, so that I can prove more advice and assistance? Like what type of connection you would like to establish, are there any special settings like static IP addresses, etc. I will answer here to the questions you raise, but it will be really helpful to have more additional context.

Setting DBUS_SYSTEM_BUS_ADDRESS is not enough for multicontainer environment.
You will need to set the following label io.balena.features.dbus: '1'. Setting the dbus label will bind mount the socket path to the container. Without it it won't exist in that location and this is the reason you got the abovenmcli` error.

If you need to use nmcli from an environment then indeed you always have to mask the NetworkManager service installed in the container.

Also please note that possibly you may not need INITSYSTEM set in your container for multicontainer environment. Do you have need any systemd services running in that container? And what are they if yes?

For the device not getting back online after update, can you let us know from which are the two OS versions you are updating from and to. Also how is the device connected to the Internet - Ethernet, WiFi or cellular. And if the connection settings are permanent or they are established each time dynamically from a container.

rcullen · December 19, 2018, 12:54pm

@majorz - SOLVED

You are a legend, thank you sir.

majorz · December 19, 2018, 12:57pm

@rcullen thanks for the follow up! I am glad it is solved now.