David,

Yes, that one instance was a mistake when I was anonymizing the IPs. Sorry for the confusion.

Following your suggestion, I was able to set the sysctl value 'net.ipv4.ip_nonlocal_bind=1'. After that, I was able to successfully start the rootless container on the secondary server (that did not have the VRRP IP). You were correct that pasta emitted a warning, but it started anyway.

With this workaround, I can now successfully start rootless containers on both the primary and secondary servers. The primary server responds to UDP queries on both its main IP address and the VRRP IP address. I tried a manual failover to the secondary server, which then also responds on the VRRP IP address in addition to its main IP address. Everything appears to be working as intended.

Thank you so much for taking the time to help find a workaround to this issue! I'll be updating the bug report with the details on the workaround in case anyone else runs into the issue.

Thanks,

--
ANTON CASTELLI
Network Engineer V

OFFICE OF INFORMATION TECHNOLOGY
MAIL CODE 4622
SOUTHERN ILLINOIS UNIVERSITY
625 WHAM DRIVE
ROOM B15
CARBONDALE, ILLINOIS 62901

anton.castelli@siu.edu
P: 618.453.6424

OIT.SIU.EDU

From: David Gibson <david@gibson.dropbear.id.au>
Sent: Tuesday, September 17, 2024 9:14 PM
To: Castelli, Anton <anton.castelli@siu.edu>
Cc: passt-user@passt.top <passt-user@passt.top>
Subject: Re: Rootless Podman with VRRP
 