On Wed, Sep 18, 2024 at 07:29:09PM +0000, Castelli, Anton wrote:David, Yes, that one instance was a mistake when I was anonymizing the IPs. Sorry for the confusion. Following your suggestion, I was able to set the sysctl value 'net.ipv4.ip_nonlocal_bind=1'. After that, I was able to successfully start the rootless container on the secondary server (that did not have the VRRP IP). You were correct that pasta emitted a warning, but it started anyway.Ok.With this workaround, I can now successfully start rootless containers on both the primary and secondary servers. The primary server responds to UDP queries on both its main IP address and the VRRP IP address. I tried a manual failover to the secondary server, which then also responds on the VRRP IP address in addition to its main IP address. Everything appears to be working as intended.Superb!Thank you so much for taking the time to help find a workaround to this issue! I'll be updating the bug report with the details on the workaround in case anyone else runs into the issue.Thanks for that. We have a _lot_ of edge cases of varying obscurity to sort out eventually; recording the details so they're not forgotten is super helpful. -- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson