colima access to kafka port with docker - docker

Running Colima with a reachable IP:
    colima start --network-address
then colima list:
    PROFILE    STATUS     ARCH      CPUS    MEMORY    DISK      RUNTIME    ADDRESS
    default    Running    x86_64    4       8GiB      100GiB    docker     192.168.106.2
and after the above, I'm running my docker-compose:
    version: "3"
    services:
      kafka:
        image: docker.io/bitnami/kafka:3.3
        ports:
          - "9092:9092"
        volumes:
          - "kafka_data:/bitnami"
        environment:
          - KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
          - ALLOW_PLAINTEXT_LISTENER=yes
So I'm basically forwarding port "9092" on the kafka container to the host port "9092".
I tried to reach kafka through:
"192.168.106.2:9092"
"192.168.106.2"
"127.0.0.1:9092"
"localhost:9092"
"0.0.0.0:9092"
but I'm getting an error.
I know the kafka container is working, as I can access it if I try to use it from a container inside the docker network.
How can I access it from my host machine?

Related

Cannot ping docker container created with docker-compose

I want to create a PostgreSQL cluster composed of a master and two slaves within three containers. I want to do that with docker-compose. Everything works fine but I cannot ping the containers from my Mac.
Here is the code of my docker-compose.yml.
On Stack Overflow there is this thread, "How could I ping my docker container from my host", that addresses standalone docker and not docker-compose.
    version: '3.6'
    volumes:
      pgmaster_volume:
      pgslave1_volume:
      pgslave2_volume:
    services:
      pgmaster:
        container_name: pgmaster
        build:
          context: ../src
          dockerfile: Dockerfile
        image: docker-postgresql:latest
        environment:
          NODE_NAME: pgmaster # Node name
        ports:
          - 5422:5432
        volumes:
          - pgmaster_volume:/home/postgres/data
        networks:
          cluster:
            ipv4_address: 10.0.2.31
            aliases:
              - pgmaster.domain.com
      pgslave1:
        container_name: pgslave1
        build:
          context: ../src
          dockerfile: Dockerfile
        image: docker-postgresql:latest
        environment:
          NODE_NAME: pgslave1 # Node name
        ports:
          - 5441:5432
        volumes:
          - pgslave1_volume:/home/postgres/data
        networks:
          cluster:
            ipv4_address: 10.0.2.32
            aliases:
              - pgslave1.domain.com
      pgslave2:
        container_name: pgslave2
        build:
          context: ../src
          dockerfile: Dockerfile
        image: docker-postgresql:latest
        environment:
          NODE_NAME: pgslave2 # Node name
        ports:
          - 5442:5432
        volumes:
          - pgslave2_volume:/home/postgres/data
        networks:
          cluster:
            ipv4_address: 10.0.2.33
            aliases:
              - pgslave2.domain.com
    networks:
      cluster:
        driver: bridge
        ipam:
          config:
            - subnet: 10.0.2.1/24
On my Mac, I have a 192.168.0.0 local network. I expect that by doing ping 10.0.2.31 I can ping my container, but this is not possible. I think this is due to the Linux VM created inside the Mac where the containers live, and the IPs are not reachable outside this VM.
Can someone help me to understand how to make the above three IPs reachable? The IPs are reachable from one container to another.
Here is my full code:
https://github.com/sasadangelo/docker-postgres
You should be able to ping your containers from your host.
Via public IP:
Just use their public IP. (You had been trying to ping your container's local IP, inside the docker network.)
How to find the container's public IP?
You can get it by running ifconfig inside the container,
or by running docker container inspect <container_id> on your host (it should be there under NetworkSettings.<network_name>.IPAddress).
Via container name/id:
Docker is running some sort of DNS on your machine, so you can also use the container name or id: ping <container_name/id>
Note:
The way to access your containers outside the docker network is via their published ports. You have bound port 5432 on the docker network to port 5442 on your host, therefore the container should listen and accept traffic at 127.0.0.1:5442 (that's your localhost at the port you've bound).
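The host-side endpoint that a compose `ports:` entry produces, as an added example that is not part of the original answer: a small parser for the short `[HOST_IP:]HOST_PORT:CONTAINER_PORT[/PROTO]` syntax, run over port entries taken from the compose files on this page. The function and class names are this example's own, and it assumes IPv4 host addresses and single ports (no ranges).

```python
from typing import NamedTuple, Optional


class Published(NamedTuple):
    host_ip: str               # address Docker binds on the Docker host
    host_port: Optional[int]   # None: Docker picks an ephemeral host port
    container_port: int
    proto: str

    @property
    def all_interfaces(self) -> bool:
        return self.host_ip == "0.0.0.0"


def parse_port(entry) -> Published:
    """Parse a short-syntax `ports:` entry (IPv4 host address, single ports)."""
    spec, _, proto = str(entry).partition("/")
    parts = spec.split(":")
    if len(parts) == 1:                      # "80"
        ip, host, cont = "0.0.0.0", None, parts[0]
    elif len(parts) == 2:                    # "5442:5432"
        ip, (host, cont) = "0.0.0.0", parts
    elif len(parts) == 3:                    # "127.0.0.1:5442:5432"
        ip, host, cont = parts
    else:
        raise ValueError(f"unsupported port entry: {entry!r}")
    return Published(ip, int(host) if host else None, int(cont), proto or "tcp")


def connect_from_host(p: Published) -> Optional[str]:
    """Endpoint a client on the Docker host dials; None if the port is ephemeral."""
    if p.host_port is None:
        return None                          # resolve with `docker port <container>`
    ip = "127.0.0.1" if p.all_interfaces else p.host_ip
    return f"{ip}:{p.host_port}"


def exposed_on_all_interfaces(entries):
    """Entries Docker binds on every host interface, not just loopback."""
    return [e for e in entries if parse_port(e).all_interfaces]


# Port entries from the compose files on this page, plus one constructed
# loopback-only variant of the pgslave2 mapping.
PAGE_PORTS = ["9092:9092", "5442:5432", "10101:80/udp", "21:21",
              "127.0.0.1:5442:5432"]

if __name__ == "__main__":
    for e in PAGE_PORTS:
        print(e, "->", connect_from_host(parse_port(e)))
```

An entry without a host address is bound on every interface of the Docker host, so prefixing `127.0.0.1:` is the way to keep a database or broker port reachable from the host only.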

Connection to external host from docker container

My local environment has a connection with a machine that has a BDD. When I ping this machine's IP I have a response.
When I start my container with docker compose, this container doesn't have a connection with this machine. If I enter the container with docker exec -it my-container sh and I ping the BDD machine I have no response.
I have docker installed in Windows 10 and my Docker Compose file looks like this:
    version: '3.1'
    services:
      tomcat:
        image: 'tomcat:7.0.91-jre8-alpine'
        restart: always
        volumes:
          - ./warfiles:/home
          - ./conf:/usr/local/tomcat/conf/Catalina/localhost
          - ./context.xml:/usr/local/tomcat/conf/context.xml
          - ./ik-report-config:/ik-report-conf
          - ./lib/postgresql-9.3-1102-jdbc4.jar:/usr/local/tomcat/lib/postgresql-9.3-1102-jdbc4.jar
        ports:
          - 8070:8080
          - 8000:8000
        environment:
          - REPORT_ENGINE_HOME=/ik-report-conf
Thank you very much for your help.
You should probably use network_mode: host.
From the Docker Network Guide:
host: For standalone containers, remove network isolation between the
container and the Docker host, and use the host’s networking directly.
What I had to use was network_mode: bridge

Can't access container IP from host docker for windows stack

I'm using the following docker compose file to build my docker swarm stack, which has Windows containers deployed on Windows 10:
    version: '3.2'
    services:
      service1:
        image: myrepository/dotnet-framework:3.5-windowsservercore
        environment:
          - my_path="C:/app/build/app.exe"
          - my_arg= 1
        deploy:
          replicas: 1
          placement:
            constraints:
              - node.id == asdfasdgasgasg
        volumes:
          - service1:C:/app
      service2:
        image: myrepository/dotnet-framework:3.5-windowsservercore
        ports:
          - target: 7878
            published: 7878
            mode: host
        environment:
          - my_path="C:/app/app.exe"
          - my_arg= 2
        deploy:
          replicas: 1
          placement:
            constraints:
              - node.id == asdfasdgasgasg
        volumes:
          - service1:C:/app
    volumes:
      service2:
        external:
          name: service1
      service1:
        external:
          name: service1
As you can see, service2 is listening on port 7878. I know, as is shown in this post, that I can't reach this port using localhost:7878. Thus I run the command docker inspect containerID to figure out the IP address of the container.
If I ping the container service2 from service1, it responds. But if I try to access the port 10.0.3.18:7878 from the host, there's no response. How could I reach port 7878 from the host? On the other hand, I have Linux containers that must reach the 'service2' windows container.
Each of the docker containers in the service can communicate with each other by default as they are started up on their own private network. That is why you can ping between the service containers.
The port 7878 you opened up will also be accessible to the host windows 10 os via the host machine’s ip address not the container ip address. The container’s IP address is private even to the host os.
Ping may not work as you have not opened up the ping port in the service and there may not be a ping service in the image to respond to your ping request. I may be wrong on this last point. Ping is not a good method to verify if a container is working or not.
Windows updated and everything works as expected.

docker-compose to access port on host machine

The IP of the host machine is 192.168.0.208.
docker-compose file is as follows:
    version: '2'
    services:
      zl-tigervnc:
        image: zl/dl-tigervnc:1.5
        container_name: zl_dl_tigervnc
        restart: always
        tty: true
        ports:
          - "8001:8888"
          - "6001:6006"
          - "8901:5900"
          - "10001:22"
        devices:
          - /dev/nvidia0
        volumes:
          - ~/data:/root/data
          - /var/run/docker.sock:/var/run/docker.sock
        extra_hosts:
          - "dockerhost:192.168.0.208"
A container was launched by this script. The container wants to access port 8080 on the host machine (e.g. 192.168.0.208:8080). But it doesn't work.
However, I use port forwarding to map 8080 on the host machine to 8080 on the router. The router's IP was 63.25.20.83. The container could access the host machine's 8080 by port forwarding (e.g. 63.25.20.83:8080).
I have tried many solutions from https://github.com/docker/docker/issues/1143, but it still does not work.

Docker Container's network interface in promiscuous mode

compose a 3 services architecture and a virtual bridged network on which the three services are attached. I want one of the containers to be able to listen to all the traffic within the virtual network (promiscuous mode). Is it possible? I've tried almost everything but nothing seems to be working.
What I've tried:
- Giving full privileges to the container
- Setting the container eth0 interface to promiscuous (ifconfig eth0 promisc)
- Restarting the network manager inside the container
- Setting the veth relative to the container in promiscuous mode from the host machine
- Modifying the mode from "bridge" to "passthru" in the macvlan configuration from the pipework script
- Setting the container as gateway in the network properties of the docker-compose file
Many of the above attempts result in the container's eth0 interface "thinking" it is in promiscuous mode; in fact both ifconfig and syslog (from the host) say it is, but the container still sees only its own traffic.
I'm using Docker 1.11 and the base image inside the container is Ubuntu 14.04:latest
Below is listed my docker-compose file
Thanks in advance
docker-compose.yml
    version: '2'
    networks:
      snort_net:
        driver: bridge
        ipam:
          driver: default
          config:
            - subnet: 172.19.0.0/24
              gateway: 172.19.0.3
    services:
      mysql:
        build:
          context: .
          dockerfile: MySql/MySqlFile
        environment:
          - MYSQL_ALLOW_EMPTY_PASSWORD=yes
        networks:
          snort_net:
            ipv4_address: 172.19.0.2
      snort:
        build:
          context: .
          dockerfile: Snort/SnortFile
        depends_on:
          - snorby
        env_file:
          - Snort/snort_variables.env
        networks:
          snort_net:
            ipv4_address: 172.19.0.3
        expose:
          - "80"
          - "21"
        ports:
          - "10100:80"
          - "10101:80/udp"
          - "21:21"
        cap_add:
          - NET_ADMIN
        privileged: true
      snorby:
        build:
          context: .
          dockerfile: Snorby/SnorbyFile
        depends_on:
          - mysql
        env_file:
          - Snorby/snorby_variables.env
        networks:
          snort_net:
            ipv4_address: 172.19.0.4
        ports:
          - "3000:3000"
I am able to get it working with the below command while creating the container, as I decided to switch off to listen for all traffic:
    administrator#gitlabrunner-prod01:~$ docker run --rm --privileged -t -d -p 23:22 --name ubuntu ubuntu
A container is effectively attached to a virtual switch; it's never going to see anything other than (a) unicast traffic to the container or (b) broadcast/multicast traffic on the docker network. If you have it set up as a network gateway, it would also see any traffic being sent from other containers to destinations outside the network (but would still not see communication between other containers on the same network).
If you were using Linux bridges rather than macvlan, you should be able to attach tcpdump to the docker bridge and get what you want (either by running it on the host, or by running it inside a container with --net=host).
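Locating the host-side bridge to capture on, as the answer above suggests, shown as an added example that is not part of the original answer: it reads `docker network inspect` output and builds the tcpdump command line for the host (or a `--net=host` container). The inspect JSON below is constructed (the network Id and the `example_` project prefix are made up; subnet and addresses come from the compose file above), and the function names are this example's own.

```python
import json

# Constructed sample in the shape of `docker network inspect <network>`.
SAMPLE = json.loads("""
[{"Name": "example_snort_net",
  "Id": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
  "Driver": "bridge",
  "IPAM": {"Config": [{"Subnet": "172.19.0.0/24"}]},
  "Options": {},
  "Containers": {
    "aaa": {"Name": "mysql",  "IPv4Address": "172.19.0.2/24"},
    "bbb": {"Name": "snort",  "IPv4Address": "172.19.0.3/24"},
    "ccc": {"Name": "snorby", "IPv4Address": "172.19.0.4/24"}}}]
""")


def bridge_ifname(net: dict) -> str:
    """Host interface backing a bridge-driver network."""
    if net["Driver"] != "bridge":
        raise ValueError(f"{net['Name']}: driver {net['Driver']!r} has no Linux bridge")
    # An explicit name wins (the default network sets it to docker0);
    # otherwise Docker names the bridge "br-" + first 12 chars of the Id.
    explicit = (net.get("Options") or {}).get("com.docker.network.bridge.name")
    return explicit or "br-" + net["Id"][:12]


def capture_command(net: dict, exclude=()) -> list:
    """tcpdump argv covering the whole subnet, minus the named containers."""
    bpf = f"net {net['IPAM']['Config'][0]['Subnet']}"
    for c in net["Containers"].values():
        if c["Name"] in exclude:
            bpf += f" and not host {c['IPv4Address'].split('/')[0]}"
    return ["tcpdump", "-n", "-i", bridge_ifname(net), bpf]


if __name__ == "__main__":
    # Leave out the sensor's own traffic so it does not inspect itself.
    print(" ".join(capture_command(SAMPLE[0], exclude=("snort",))))
```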
