opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-02 02:26:52 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/docs/source/markdown/podman-network-reload.1.md
Matthew Heon b0286d6b43 Implement pod-network-reload 
This adds a new command, 'podman network reload', to reload the
networks of existing containers, forcing recreation of firewall
rules after e.g. `firewall-cmd --reload` wipes them out.

Under the hood, this works by calling CNI to tear down the
existing network, then recreate it using identical settings. We
request that CNI preserve the old IP and MAC address in most
cases (where the container only had 1 IP/MAC), but there will be
some downtime inherent to the teardown/bring-up approach. The
architecture of CNI doesn't really make doing this without
downtime easy (or maybe even possible...).

At present, this only works for root Podman, and only locally.
I don't think there is much of a point to adding remote support
(this is very much a local debugging command), but I think adding
rootless support (to kill/recreate slirp4netns) could be
valuable.

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2020-12-07 19:26:23 +01:00

1.7 KiB
Raw Blame History

% podman-network-reload(1)

NAME

podman-network-reload - Reload network configuration for containers

SYNOPSIS

podman network reload [options] [container...]

DESCRIPTION

Reload one or more container network configurations.

Rootful Podman relies on iptables rules in order to provide network connectivity. If the iptables rules are deleted, this happens for example with firewall-cmd --reload, the container loses network connectivity. This command restores the network connectivity.

This command is not available for rootless users since rootless containers are not affected by such connectivity problems.

OPTIONS

--all, -a

Reload network configuration of all containers.

--latest, -l

Instead of providing the container name or ID, use the last created container. If you use methods other than Podman to run containers such as CRI-O, the last started container could be from either of those methods.

The latest option is not supported on the remote client.

EXAMPLE

Reload the network configuration after a firewall reload.

# podman run -p 80:80 -d nginx
b1b538e8bc4078fc3ee1c95b666ebc7449b9a97bacd15bcbe464a29e1be59c1c
# curl 127.0.0.1
works
# sudo firewall-cmd --reload
success
# curl 127.0.0.1
hangs
# podman network reload b1b538e8bc40
b1b538e8bc4078fc3ee1c95b666ebc7449b9a97bacd15bcbe464a29e1be59c1c
# curl 127.0.0.1
works

Reload the network configuration for all containers.

# podman network reload --all
b1b538e8bc4078fc3ee1c95b666ebc7449b9a97bacd15bcbe464a29e1be59c1c
fe7e8eca56f844ec33af10f0aa3b31b44a172776e3277b9550a623ed5d96e72b

SEE ALSO

podman(1), podman-network(1)

HISTORY

December 2020, Originally compiled by Paul Holzinger paul.holzinger@web.de