Description
Docker networking appears to still be broken in 28.0.1.
I am running a fresh install of the NVIDIA Jetson Linux on an NVIDIA Jetson Orin Nano.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy
Docker version 28.0.1, build 068a01e
I have made no other changes than to copy the docker-compose.yaml file to the machine.
dave@ubuntu:~/ollama$ docker compose up
[+] Running 21/21
✔ ollama Pulled 104.0s
✔ 1b9f3c55f9d4 Pull complete 2.8s
✔ b48598350c3a Pull complete 3.1s
✔ c675bebda2db Pull complete 3.5s
✔ 42006779754c Pull complete 103.3s
✔ openWebUI Pulled 87.2s
✔ d51c377d94da Pull complete 3.6s
✔ 987cac002684 Pull complete 3.9s
✔ 076b75118273 Pull complete 5.4s
✔ 157e623d2984 Pull complete 5.4s
✔ 40d5353a5918 Pull complete 5.4s
✔ 4f4fb700ef54 Pull complete 5.4s
✔ aebeb0b4e5d0 Pull complete 5.4s
✔ 03f562834d64 Pull complete 5.4s
✔ dc0f62a912f5 Pull complete 32.4s
✔ d5719fd73d52 Pull complete 32.4s
✔ d32514fe2679 Pull complete 80.9s
✔ 76d16054d9ea Pull complete 85.5s
✔ 20c2e04f7bfa Pull complete 85.5s
✔ 5bb61eb10273 Pull complete 85.6s
✔ 445ddbefd034 Pull complete 86.5s
[+] Running 3/3
✔ Network ollama_default Created 0.1s
✔ Container ollama Created 0.1s
✔ Container open-webui Created 0.0s
Attaching to ollama, open-webui
Gracefully stopping... (press Ctrl+C again to force)
Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint ollama (28422f573e9a997429ed96a5f6d731e223c725cbe8d35d2c9dfac8f966a73adc): Unable to enable DIRECT ACCESS FILTERING - DROP rule: (iptables failed: iptables --wait -t raw -A PREROUTING -p tcp -d 172.18.0.2 --dport 11434 ! -i br-2d1c35b32c76 -j DROP: iptables v1.8.7 (legacy): can't initialize iptables table `raw': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3))
Here is the pretty basic docker-compose.yaml:
services:
  openWebUI:
    container_name: open-webui
    image: ghcr.io/open-webui/open-webui:main
    restart: unless-stopped
    ports:
      - "8080:8080"
    volumes:
      - /open-webui:/app/backend/data
    depends_on:
      - ollama
    environment:
      - WEBUI_AUTH=False
      - OLLAMA_BASE_URL=http://localhost:11434
  ollama:
    container_name: ollama
    image: ollama/ollama:latest
    # image: dustynv/ollama:main-r36.4.0
    runtime: nvidia
    pull_policy: always
    restart: unless-stopped
    ports:
      - "11434:11434"
    volumes:
      - /ollama:/root/.ollama
    environment:
      - OLLAMA_KEEP_ALIVE=24h
      - OLLAMA_HOST=0.0.0.0:11434
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: all
              capabilities: [gpu]
Reproduce
docker compose up
Expected behavior
The containers should come up and run properly.
If I downgrade to 27.x everything works as expected.
sudo apt install docker-ce=5:27.*
docker version
dave@ubuntu:~/ollama$ docker version
Client: Docker Engine - Community
Version: 28.0.1
API version: 1.47 (downgraded from 1.48)
Go version: go1.23.6
Git commit: 068a01e
Built: Wed Feb 26 10:41:16 2025
OS/Arch: linux/arm64
Context: default
Server: Docker Engine - Community
Engine:
Version: 27.5.1
API version: 1.47 (minimum version 1.24)
Go version: go1.22.11
Git commit: 4c9b3b0
Built: Wed Jan 22 13:41:23 2025
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.7.25
GitCommit: bcc810d6b9066471b0b6fa75f557a15a1cbf31bb
runc:
Version: 1.2.4
GitCommit: v1.2.4-0-g6c52b3f
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
dave@ubuntu:~/ollama$ docker info
Client: Docker Engine - Community
Version: 28.0.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.21.1
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.33.1
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 2
Running: 0
Paused: 0
Stopped: 2
Images: 2
Server Version: 27.5.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 nvidia runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bcc810d6b9066471b0b6fa75f557a15a1cbf31bb
runc version: v1.2.4-0-g6c52b3f
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 5.15.148-tegra
Operating System: Ubuntu 22.04.5 LTS
OSType: linux
Architecture: aarch64
CPUs: 6
Total Memory: 7.441GiB
Name: ubuntu
ID: ccb022f3-ed3d-49c0-a849-dc12b1483aee
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Additional Info
No response
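The daemon error in this report says iptables could not initialize the `raw` table. As an added example (not part of the original report and not Docker's own code), this bash script extracts the failing table name from such an error and checks a kernel config for `CONFIG_IP_NF_RAW`, the option that builds the IPv4 `raw` table; the function names and the sample config text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: diagnose "can't initialize iptables table" errors.

# Excerpt of the iptables error quoted in the report above.
SAMPLE_ERROR="iptables v1.8.7 (legacy): can't initialize iptables table \`raw': Table does not exist (do you need to insmod?)"

# Constructed kernel config fragment (not taken from the reporter's machine).
SAMPLE_CONFIG='CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_MANGLE=m
# CONFIG_IP_NF_RAW is not set'

# failing_table ERROR_TEXT: print the table named in the iptables error.
failing_table() {
  printf '%s\n' "$1" |
    sed -n "s/.*can't initialize iptables table \`\([a-z]*\)'.*/\1/p" | head -n 1
}

# raw_table_support CONFIG_TEXT: print builtin, module, missing or unknown
# depending on how CONFIG_IP_NF_RAW (module iptable_raw) is set.
raw_table_support() {
  [ -n "$1" ] || { echo unknown; return 0; }
  case "$(printf '%s\n' "$1" | grep -E '^CONFIG_IP_NF_RAW=[ym]$' | head -n 1)" in
    *=y) echo builtin ;;
    *=m) echo module ;;
    *)   echo missing ;;
  esac
}

# kernel_config_text: print the running kernel's config if it is readable,
# otherwise print nothing (raw_table_support then reports "unknown").
kernel_config_text() {
  if [ -r /proc/config.gz ]; then
    gzip -dc /proc/config.gz
  elif [ -r "/boot/config-$(uname -r)" ]; then
    cat "/boot/config-$(uname -r)"
  fi
}

echo "table named in daemon error: $(failing_table "$SAMPLE_ERROR")"
echo "constructed sample config:   $(raw_table_support "$SAMPLE_CONFIG")"
echo "this host:                   $(raw_table_support "$(kernel_config_text)")"
```

A result of `module` means the table exists only once `iptable_raw` is loaded; `missing` means the kernel was built without it.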