ghcr.io/srl-labs/clab fails on Podman

[ankudinov]

docker run --rm -it --privileged \
  --network host \
  -v /var/run/docker.sock:/var/run/docker.sock \
  --pid="host" \
  -w $(pwd) \
  -v $(pwd):$(pwd) \
  ghcr.io/srl-labs/clab bash

Once started this way clab deploy works perfectly with the following clab topology:

---
name: test
prefix: ""

mgmt:
  ipv4-subnet: 10.0.0.0/16

topology:
  kinds:
    ceos:
      image: arista/ceos:latest
  defaults:
    kind: ceos
  nodes:
    ar01:
      mgmt-ipv4: 10.0.1.1
    ar02:
      mgmt-ipv4: 10.0.1.2

  links:
    - endpoints: ["ar01:eth1_1", "ar02:eth1_1"]

However when replaced with podman run it fails with:

INFO[0000] Containerlab v0.57.2 started
INFO[0000] Parsing & checking topology file: topology.clab.yml
WARN[0000] failed gleaning v4 and/or v6 addresses from bridge via netlink, falling back to docker network inspect data
Error: failed to lookup link "br-2f72e818ccc3": Link not found

Curious if anyone have seen this before and found any solution? I might dig into that myself later, however usually I run cLab on our own devcontainer images and this works just fine. As it works via VSCode, there should be some knob in place...

This is rootful podman with Docker compatibility enabled:

 ls -la /var/run | grep docker
lrwxr-xr-x   1 root         daemon          60 Sep 20 14:07 docker.sock -> /Users/pa/.local/share/containers/podman/machine/podman.sock

PS: this is on ARM MacBook =wink=

[ankudinov]

Feel free to re-classify as discussion or close due to no official Podman support. However Podman is much better in 2024 and it works if not executed in clab container. So, probably feasible to investigate.

[steiler]

@ankudinov since you did unfortunately not provide the command you started the podman container with, I want to ask you if you've started podman with the --priviledged flag or not?

[ankudinov]

Same command as with Docker. Just the first keyword replaced with podman. Yes, it's --privileged.
I did some further digging this direction, the difference is that cLab container can only do DooD lab deployments. And I can not make DooD working for ghcr.io/srl-labs/clab or my own container with Podman. DinD works great with both Docker and Podman when container is started by VSCode. When started manually, it still works but dind-var-lib-docker:/var/lib/docker mount must be done and Docker has to be started inside the container.

So, the above question can be broken down into:

1. cLab and DooD - can it work with Podman? Anyone done it before? If yes - should we look at that?
2. cLab and DinD - is working. IMO it should be integrated into cLab at some point. (in fact a lightweight version of Codespaces container should be able to do the work)

I'm happy to commit something on DinD front once I have cycles. Not sure if I have enough motivation for DooD though. I feel that Podman DooD with cLab on a Mac is a path to despair. Although I'd be still very curious to learn what is different.
It's up to you and @hellt if you want to close this issue or keep it for tracking and assign to me or anyone else.