[7.0.0-beta.2] Docker Network Overwriting Docker Tempalte Settings.

in beta version 7 beta 1:

The docker network didn't have a mac address field filed in.

Tested on another system:

 

 

apologies as it was onthe wrong post to report a bug:

while it may not be the compose in this case. Please see a previous mentioned github bug report:
https://github.com/docker/compose/issues/10796

 

So I upgraded to 7 beta 2. Then started to see a docker that I set a static MAC address via extra options.
* THIS was working in 6 and beta 1

 

 

If i run docker inspect PhotoPrism I get the mac address I assigned to the docker:
 

 

However if I run the inspect command on the network itself In my case its bond0
...Bridging off / bonding on with a single network interface ...

The network has a different assigned mac address.

 

 

since in terminal:
docker exec -it -u root PhotoPrism /bin/bash
no ip a nor ifconfig exist.. However I can still cat and grab the active in the container:
 

 

So it is using the mac address from the network inspect command and not the assigned mac address via extra option...

It appears that in beta the template is not writing the full config or ignoring parts in the docker run it generates.

I originally caught this in my firewall when I noticed two mac with the same IP and was confused where the new mac was coming from...

If I change the template to use the one in the macvlan

 

 

This only fixes the template and docker inspect photoprism. But otherwise uses the docker network bond0 assigned 

Not sure why this bug is occurring. It appear to be affecting the plex docker as well...

Edited July 17 by bmartino1

This is only affecteing 7.0.0-beta.2

This is a minor new bug brought on by the latest docker updates. Similar reports with portainer and others where the option --mac address is being ignored.

I Have found Via testing that the docker network for macvlan is persistent and keeps the mac address after a reboot after first docker run and creation.

I honestly don't care as long as the mac address is not a constantly changing mac address. at this time, it appears that the mac address when assigned this static and saved.

While Still a minor Bug as that option is supposed to set the docker network mac address to something we chose...

ATM the solution is to use the extra parm command to set a random mac..
Then Run the docker and after creation run the docker inspect command.
Then grab the macvlan docker network mac addresses and set the address to maintain the same data in the container.

Or remove the extra parameter. (I Prefer to keep it to do a quick edit to confirm the mac in the web ui.)

This way I have a known mac address that will not change for network based docker activities such as unifi and pihole. 

@bmartino1 you are using IPVLAN in your Docker settings (from what I can see in your network settings) which will always use one MAC address (the one from the host), you have to switch over to MACVLAN in your Docker settings to be able to use different MAC addresses for different containers.

DOCKER_NETWORK_TYPE="1"

 

See also my post here about that:

 

Im absolutely sure this is a docker issue. I simply restarted the system and upon start up my previous container, that didnt get recreated or was touched in anyway has a different addresses assigned to it. The only way to get it working is to force-recreate the container.

After the restart:






After re-create:


Edit:
https://github.com/moby/moby/issues/48192

Edited July 19 by Mainfrezzer

8 hours ago, ich777 said:

@bmartino1 you are using IPVLAN in your Docker settings (from what I can see in your network settings) which will always use one MAC address (the one from the host), you have to switch over to MACVLAN in your Docker settings to be able to use different MAC addresses for different containers.

DOCKER_NETWORK_TYPE="1"

 

See also my post here about that:

 

Absolute this is a docker issue per other forum post and similar reports with portainer and reported on github.

ICH777:


Unless unraid is adding other weird data to the config or reloaded something, I have not changed theses setting since the update off 6.12 stable.

Besides,
Ipvlan would not execute that command and error as ipvlan shares the same mac address with the host a new one is never created for the Docker... (THIS IS WHY I DON"T RUN IPVLAN!) as most of my dockers especial network based one need a separate mac for there tools to be separate from the system they run on...
 

Not running ipvlan...

Edited July 19 by bmartino1

4 hours ago, Mainfrezzer said:

Im absolutely sure this is a docker issue. I simply restarted the system and upon start up my previous container, that didnt get recreated or was touched in anyway has a different addresses assigned to it. The only way to get it working is to force-recreate the container.

After the restart:






After re-create:


Edit:
https://github.com/moby/moby/issues/48192

run the docker inspect commands on the container and go to the bottom of the config, do you see a second mac address field? per my pictures above, the mac address option settings in the container "be the mac address used" is the one under network settings...

 

When I run the inspect command on an affected docker, there are 2 mac address in the inspect the option set at the top and one under network settings. The option set the one on top per container.

THE BUG.
Network setting is getting an autofill in from somewhere that is ignoring the option which is the bug...

Edited July 19 by bmartino1
spelling/grammer

23 minutes ago, bmartino1 said:

THIS IS WHY I DON"T RUN IPVLAN

Sorry but your Diagnostics tell a different story:

 

You have the config entry:

DOCKER_NETWORK_TYPE="1"

...which stands for IPVLAN, maybe this is the cause of the issue, try to stop the Docker service, change something and change it back so that the Apply button becomes clickable.

 

After that check if you still have the line DOCKER_NETWORK_TYPE="1" in your config, if it remains at 1 then something is wrong with the logic how the settings get applied.

 

I see that you are using a macvlan bond0 but the network will be set up differently with this line in your docker.cfg

4 hours ago, Mainfrezzer said:

https://github.com/moby/moby/issues/48192

If this is really the case then it's a Docker bug because Unraid 7.0.0-beta.2 uses Docker 27.0.3

7 minutes ago, ich777 said:

Sorry but your Diagnostics tell a different story:

 

You have the config entry:

DOCKER_NETWORK_TYPE="1"

...which stands for IPVLAN, maybe this is the cause of the issue, try to stop the Docker service, change something and change it back so that the Apply button becomes clickable.

 

After that check if you still have the line DOCKER_NETWORK_TYPE="1" in your config, if it remains at 1 then something is wrong with the logic how the settings get applied.

Tell me the config as this is also affecting @Mainfrezzer

I have per the commands, they all show macvlan per previous post. What option should that be then....
I will manual edit the config and change it...

as it is celarly not being set via the web ui....

I have other machines i can test this on as well. Per Original Beta Post:
per original beta bug info:
https://forums.unraid.net/bug-reports/prereleases/unraid-os-version-700-beta1-available-r3035/?do=findComment&comment=28928 

 

Also why I was talking there instead of a seperate post... 

 

On 7/10/2024 at 3:42 PM, Mainfrezzer said:

Thats a bug within the GUI and you can enable it manually by stopping the array, and deleting the dockernetworktype 1 line from the docker.cfg and then starting the array.

 

 

i did mention it here, in the thread, and reported it before. Its usable as long as you dont need incoming traffic because the macvtap suffers from incoming package drops.

PS: No call traces as of now

 

Also: it's somewhat of a pain that you cannot disable the macvtap and just use eth0 by itself :/. I really hope the workaround is not needed anymore 

 

Edited July 19 by bmartino1

7 minutes ago, bmartino1 said:

as it is celarly not being set via the web ui....

Can you please try to set it in the WebUI just to clear out a bug in the WebUI?

I really don't understand why you would do things manually, I just try to help:

 

9 minutes ago, bmartino1 said:

Also why I was talking there instead of a seperate post... 

And this is the reason why everyone should create a Bug report and not post in the release post, looking at you @Mainfrezzer <- you still have no information on the IPv6 thing correct?

BTW it will be fixed in the next version.

I also had to do lots of research why Docker now uses a DROP rule for IPv6 by default.

 

These aren't quick questions what you guys have and need further investigation in a separate bug report <- no offence but this is just for explanation why you should always create a bug report and never post in the announcement post.

5 minutes ago, ich777 said:

Can you please try to set it in the WebUI just to clear out a bug in the WebUI?

I really don't understand why you would do things manually, I just try to help:

 

And this is the reason why everyone should create a Bug report and not post in the release post, looking at you @Mainfrezzer <- you still have no information on the IPv6 thing correct?

BTW it will be fixed in the next version.

I also had to do lots of research why Docker now uses a DROP rule for IPv6 by default.

 

These aren't quick questions what you guys have and need further investigation in a separate bug report <- no offence but this is just for explanation why you should always create a bug report and never post in the announcement post.

Because I have already done that when trying to move to ipvlan and had to go back to macvlan that is the diagnostic at the start of the post has all of that change already... also why in other forum was talked about...

So it clearly was set and didn't unset... nor change.. So manual intervention is REQUIRED... especially if to test....

Beside this is a seperate issues Which is a different issue altogether that doesn't affect this bug report as the docker commands and docker network stuff ALL SHOW MACVLAN!...

as explained, earlier in the other form... which is why I didn't show a diag file to begin as it is not capturing the data need for the actually BUG....

Edited July 19 by bmartino1
spelling/grammer

4 hours ago, ich777 said:

And this is the reason why everyone should create a Bug report and not post in the release post, looking at you @Mainfrezzer 

That was an issue in beta1 and its fixed already.

 

 

4 hours ago, ich777 said:

 

And this is the reason why everyone should create a Bug report and not post in the release post, looking at you @Mainfrezzer <- you still have no information on the IPv6 thing correct?

BTW it will be fixed in the next version.

I also had to do lots of research why Docker now uses a DROP rule for IPv6 by default.

 

My time for that was a tat limited, i havent looked into it as to why, but i sure have to over the weekend because i only realised an hour ago that my ubuntu is running 27.0.3 too

Edit in this section: I reckon that they enabled the 6tables by default now. Ive compared 2 external servers ive and the ubuntu one has rules setup and the other one doesnt but both do ipv6

 

Edit-Edit: im not sure if i should cry or laugh to the why. History repeats itself, lmao

 

 

4 hours ago, ich777 said:

If this is really the case then it's a Docker bug because Unraid 7.0.0-beta.2 uses Docker 27.0.3

Indeed, this has never happend before.




 

5 hours ago, bmartino1 said:

run the docker inspect commands on the container and go to the bottom of the config, do you see a second mac address field? per my pictures above, the mac address option settings in the container "be the mac address used" is the one under network settings...

Yeah, it has its docker container mac and the network mac, which is the bog standard default mac adress given out by default

 

        "Config": {
            "Hostname": "AdGuard",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "3000/tcp": {},
                "3000/udp": {},
                "443/tcp": {},
                "443/udp": {},
                "53/tcp": {},
                "53/udp": {},
                "5443/tcp": {},
                "5443/udp": {},
                "6060/tcp": {},
                "67/udp": {},
                "68/udp": {},
                "80/tcp": {},
                "853/tcp": {},
                "853/udp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "HOST_HOSTNAME=Magnon-Box",
                "HOST_CONTAINERNAME=AdGuard-Home",
                "TCP_PORT_3001=3001",
                "TCP_PORT_80=82",
                "TCP_PORT_53=53",
                "UDP_PORT_53=53",
                "TZ=Europe/Berlin",
                "HOST_OS=Unraid",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "--no-check-update",
                "-c",
                "/opt/adguardhome/conf/AdGuardHome.yaml",
                "-w",
                "/opt/adguardhome/work"
            ],
            "Image": "adguard/adguardhome",
            "Volumes": null,
            "WorkingDir": "/opt/adguardhome/work",
            "Entrypoint": [
                "/opt/adguardhome/AdGuardHome"
            ],
            "MacAddress": "02:42:C0:A8:B2:03",
            "OnBuild": null,
            "Labels": {
                "maintainer": "AdGuard Team <[email protected]>",
                "net.unraid.docker.icon": "https://raw.githubusercontent.com/SiwatINC/unraid-ca-repository/master/icons/adguard.png",
                "net.unraid.docker.managed": "dockerman",
                "net.unraid.docker.webui": "http://[IP]:[PORT:80]/",
                "org.opencontainers.image.authors": "AdGuard Team <[email protected]>",
                "org.opencontainers.image.created": "2024-07-04T15:46:33Z",
                "org.opencontainers.image.description": "Network-wide ads & trackers blocking DNS server",
                "org.opencontainers.image.documentation": "https://github.com/AdguardTeam/AdGuardHome/wiki/",
                "org.opencontainers.image.licenses": "GPL-3.0",
                "org.opencontainers.image.revision": "c7d8b9ede1eaf8507e406875c679c0a1c21e9cca",
                "org.opencontainers.image.source": "https://github.com/AdguardTeam/AdGuardHome",
                "org.opencontainers.image.title": "AdGuard Home",
                "org.opencontainers.image.url": "https://adguard.com/en/adguard-home/overview.html",
                "org.opencontainers.image.vendor": "AdGuard",
                "org.opencontainers.image.version": "v0.107.52"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "5def90afc72f4de9aef4afde43884bd232a3bb7dcd4d23b0ef6cc75fa6f03c45",
            "SandboxKey": "/var/run/docker/netns/5def90afc72f",
            "Ports": {},
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "br0": {
                    "IPAMConfig": {
                        "IPv4Address": "10.0.0.3",
                        "IPv6Address": "fd00::42:c0ff:fea8:b203"
                    },
                    "Links": null,
                    "Aliases": [],
                    "MacAddress": "02:42:0a:00:00:03",
                    "DriverOpts": {},
                    "NetworkID": "ddcde32d4918cc8cb62567d971b1cd21fd6f1fb14646e37bdf226783c9ecc561",
                    "EndpointID": "20ec9292955cb6a8e3372bcf0cd75b9e0d1836aa76df0dae674e72f45842de9f",
                    "Gateway": "10.0.0.1",
                    "IPAddress": "10.0.0.3",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "fd00::1",
                    "GlobalIPv6Address": "fd00::42:c0ff:fea8:b203",
                    "GlobalIPv6PrefixLen": 64,
                    "DNSNames": [
                        "AdGuard-Home",
                        "d812856a6926",
                        "AdGuard"
                    ]

 

Edited July 19 by Mainfrezzer
shortend the code

9 hours ago, Mainfrezzer said:

My time for that was a tat limited, i havent looked into it as to why, but i sure have to over the weekend because i only realised an hour ago that my ubuntu is running 27.0.3 too

This is already fixed and the fix will be included in the next public beta.

To be clear the macvlan duplicate mac and ignoring mac address option is not fixed as of yet...

Just came to report I have the same issue. Didn't realize I had it until my router started randomly assigning the wrong IP addresses and upon inspection, the --mac-address was not working, all my containers have an incorrect MAC.

22 hours ago, Jclendineng said:

Just came to report I have the same issue. Didn't realize I had it until my router started randomly assigning the wrong IP addresses and upon inspection, the --mac-address was not working, all my containers have an incorrect MAC.

Thank you for reporting. Please post your diagnostic to help assist unraid and the dev team. 
Tool> diag