Docker-stack. Forcing docker stack services to use ipv4 - docker

I would like to have a service being deployed as part of a docker stack to listen on ipv4.
Currently the docker stack deployed service (rabbitmq) is listening on ipv6, I would like to have it listen via ipv4.
The section of the docker compose .yaml file that I am using to deploy the docker stack is the following YAML section.
rabbitmq-3-11-0:
  #image: rabbitmq:3.11.0-management
  image: "127.0.0.1:5000/bcl-sdv-rabbitmq-3-11-0:v0.1"
  ports:
    - "0.0.0.0:5672:5672/tcp"
    - "0.0.0.0:15672:15672/tcp" #15672: HTTP API clients, management UI and rabbitmqadmin (only if the management plugin is enabled)
On deployment of the docker stack, the "rabbitmq-3-11-0" service is deployed successfully.
To test IP connectivity I issue the following commands on the docker node.
ncat -w 2 -v ::1 5672 </dev/null; echo $?
yields
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to ::1:5672.
While the command
ncat -w 2 -v 0.0.0.0 5672 </dev/null; echo $?
yields
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 0.0.0.0:5672.
Ncat: Connection reset by peer.
1
The command
ncat -w 2 -v 127.0.0.1 5672 </dev/null; echo $?
produces
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:5672.
Ncat: Connection reset by peer.
1
The netstat command below
sudo netstat -tulnp|grep 5672
shows that the ports 5672 and 15672 are listening on ipv6.
tcp6 4 0 :::5672 :::* LISTEN 2527/dockerd
tcp6 0 0 :::15672 :::* LISTEN 2527/dockerd
The command to determine the docker version below
docker info|grep Version
Outputs
Server Version: 20.10.20
Cgroup Version: 1
Kernel Version: 3.10.0-1160.76.1.el7.x86_64
The Linux version command below
lsb_release
prints
LSB Version: :core-4.1-amd64:core-4.1-noarch
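
An added example, not part of the original question: a small classifier for netstat listener lines that reports which published ports are reachable beyond loopback. It treats a `tcp6` wildcard bind such as `:::5672` as accepting IPv4 as well, which assumes the Linux default `net.ipv6.bindv6only=0`. The function names `classify` and `exposed` are hypothetical, and the sample lines are copied from the netstat outputs quoted on this page.

```python
import ipaddress
import re

# Constructed sample: listener lines taken from the netstat outputs quoted on this page.
SAMPLE = """\
tcp6 4 0 :::5672 :::* LISTEN 2527/dockerd
tcp 0 0 127.0.0.1:8091 0.0.0.0:* LISTEN 3693/java
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 3693/java
tcp6 0 0 :::8082 :::* LISTEN 3274/jf-router
tcp 0 0 127.0.0.1:9042 0.0.0.0:* LISTEN 2462/docker-proxy
tcp 0 0 172.18.0.2:6667 0.0.0.0:* LISTEN
"""

# proto, recv-q, send-q, local host:port, foreign address, state, optional PID/program
LINE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\b\s*(\S.*)?$")


def classify(line, bindv6only=False):
    """Return bind address, port, exposure scope and owner for one LISTEN line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    host, port, owner = m.groups()
    addr = ipaddress.ip_address(host.strip("[]"))  # accepts '::' and '[::]'
    if addr.is_loopback:
        scope = "loopback-only"
    elif addr.is_unspecified:
        # Assumption: with net.ipv6.bindv6only=0 (Linux default) a socket bound
        # to '::' also accepts IPv4, so a tcp6 wildcard line is not IPv6-only.
        dual = addr.version == 6 and not bindv6only
        scope = "all-interfaces (IPv4+IPv6)" if dual else f"all-interfaces (IPv{addr.version})"
    else:
        scope = "single-address"
    return {"port": int(port), "bind": str(addr), "scope": scope, "owner": owner or "-"}


def exposed(text):
    """Ports bound to something other than loopback, i.e. reachable absent a firewall."""
    rows = filter(None, (classify(line) for line in text.splitlines()))
    return sorted(r["port"] for r in rows if r["scope"] != "loopback-only")


if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(classify(line))
    print("non-loopback listeners:", exposed(SAMPLE))
```

Publishing with an explicit `127.0.0.1:` prefix, as in the Cassandra `docker run` further down the page, is what moves a port into the loopback-only group.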

Related

JFrog Container Registry (JCR) won't load

Environment:
Macbook Pro: 10.13.6 (17G65) High Sierra
Docker Desktop: 2.4.0.0
Docker Engine: 19.03.13
Browser: Chrome Version 87.0.4280.88 (Official Build) (x86_64)
I can't get the JFrog Container Registry webapp to run.
I followed the instructions on their website here to run a local docker container. When I initially connect to http://127.0.0.1:8081/artifactory, I see a loading animation like this:
Then, it automatically redirects to http://127.0.0.1:8082/ui and gives an error:
"This site can’t be reached. 127.0.0.1 refused to connect."
If I try to go to http://127.0.0.1:8081/artifactory, it just goes back to http://127.0.0.1:8082/ui and fails again. I tried to use incognito and other browsers with the same result.
I tried several docker run variants, but the simplest one I tried was:
$docker run --name JCR -d -p 8081:8081 -v /Users/username/git/artifactory/docker-registry:/var/opt/jfrog/artifactory docker.bintray.io/jfrog/artifactory-jcr:latest
I checked the docker container and it is running and listening on various ports:
$ netstat -tulpn | grep LISTEN
tcp 0 0 127.0.0.1:8091 0.0.0.0:* LISTEN 3693/java
tcp 0 0 127.0.0.1:8070 0.0.0.0:* LISTEN 3562/node
tcp 0 0 127.0.0.1:8040 0.0.0.0:* LISTEN 3693/java
tcp 0 0 0.0.0.0:8045 0.0.0.0:* LISTEN 3693/java
tcp 0 0 127.0.0.1:8046 0.0.0.0:* LISTEN 3274/jf-router
tcp 0 0 127.0.0.1:8047 0.0.0.0:* LISTEN 3274/jf-router
tcp 0 0 127.0.0.1:8015 0.0.0.0:* LISTEN 3693/java
tcp 0 0 127.0.0.1:8049 0.0.0.0:* LISTEN 3274/jf-router
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 3693/java
tcp 0 0 127.0.0.1:8086 0.0.0.0:* LISTEN 3422/jf-metadata
tcp6 0 0 :::8082 :::* LISTEN 3274/jf-router
UPDATE
This worked when using the below docker run command (new docker image URL)
docker run -d --name artifactory -p 8082:8082 -p 8081:8081 -v /Users/username/git/artifactory/docker-registry:/var/opt/jfrog/artifactory releases-docker.jfrog.io/jfrog/artifactory-jcr:latest
It looks like you followed the instructions for 6.x, which are not valid for 'latest', which is 7.x. You should follow the instructions for Docker for 7.x (https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory#InstallingArtifactory-DockerInstallation). The only difference is that you will need to change it from pointing to the PRO to JCR.
If you want a super quick and dirty way to just get it up and running, this will do:
docker volume create artifactory-data
docker pull releases-docker.jfrog.io/jfrog/artifactory-jcr:latest
docker run -d --name artifactory -p 8082:8082 -p 8081:8081 -v artifactory-data:/var/opt/jfrog/artifactory releases-docker.jfrog.io/jfrog/artifactory-jcr:latest
You will then access it at localhost:8082 (or localhost:8081, which will just redirect to 8082).

Docker container on EC2 instance not accessible on specified port

I'm trying to run an application in Docker on an EC2 instance. It is two separate processes. I'm able to access the ports for process 1, but not process 2.
Process 1 listens on the following ports:
2008
8080
Process 2 listens on these ports:
2021
8084
The security rules allow for all traffic to all ports from all origins:
Netstat shows both ports on process 2 are listening
netstat -an | grep 2021
tcp6 0 0 :::2021 :::* LISTEN
netstat -an | grep 8084
tcp6 0 0 :::8084 :::* LISTEN
The docker command opens all of the above ports:
docker run -ti --privileged=true -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 8080:8080 -p 2008:2008 -p 8084:8084 -p 2021:2021 myname/image_name /usr/sbin/init
There is no firewall process running.
Yet, a zenmap scan shows only ports 2008 and 8080 of the above four are listening - 2021 and 8084 don't show up.
Any ideas why this would be? I can't think of what else to look for.

Docker Swarm service simple example does not reply to curl

I am trying to deploy a simple docker swarm service using the routing mesh from this manual page and access it.
Initialize docker swarm cluster with single manager node:
PS> docker swarm init --advertise-addr 192.168.1.156
Swarm initialized: current node (jpajl1nkr3xr1f3c3jqi56qia) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-2n1s6wap5dp1pjzzzqroyg22pqkwpnfijilmbdfgwjbkcqwder-5kqt701dv329fduhoaqld9m3y 192.168.1.156:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
Deploy service:
PS> docker service create --name my_web --publish published=80,target=80 --replicas 3 nginx
fqy4vi3hjncougtak9qj9fuz0
overall progress: 3 out of 3 tasks
1/3: running [==================================================>]
2/3: running [==================================================>]
3/3: running [==================================================>]
verify: Service converged
Check service and containers:
PS> docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
fqy4vi3hjnco my_web replicated 3/3 nginx:latest *:80->80/tcp
PS> docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d24a85b4d6ba nginx:latest "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 80/tcp my_web.2.b44g8bjs95ac8v0g90hnv2cjd
b6466f252b46 nginx:latest "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 80/tcp my_web.3.hpc4zxlr178tklf84t1y5rc64
35e194264098 nginx:latest "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 80/tcp my_web.1.u1euqrfwq2te75zsbkmfkv0bq
Request:
PS> curl http://localhost
curl : Se ha terminado la conexión: La conexión ha terminado de forma inesperada.
<< (Free Translation) curl: Connection is terminated: The connection has finished unexpectedly. >>
En línea: 1 Carácter: 1
+ curl http://localhost
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
Same result with these alternatives:
PS> curl http://localhost:80
PS> curl http://127.0.0.1:80
PS> curl http://192.168.1.156
PS> curl http://192.168.1.156:80
Check listening ports in Windows:
CMD> netstat -a -b | find "80"
TCP 0.0.0.0:80 fs1322:0 LISTENING
TCP 0.0.0.0:7680 fs1322:0 LISTENING
TCP 0.0.0.0:8080 fs1322:0 LISTENING
TCP 169.254.80.254:139 fs1322:0 LISTENING
TCP 172.19.80.1:53 fs1322:0 LISTENING
TCP 172.19.80.1:139 fs1322:0 LISTENING
Check listening ports in one container
# netstat -ltpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.11:34835 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1/nginx: master pro
tcp6 0 0 :::80 :::* LISTEN 1/nginx: master pro
The execution of curl localhost in one container succeeded:
# curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
...
</head>
</html>
Environment:
OS: Windows 10 Pro (2004)
Docker Desktop for Windows: 2.3.0.3
Docker Engine: 19.03.8
Virtualization: WSL2
Console: Windows PowerShell (not Administrator)

can't access kafka outside the docker container

I installed the latest HDP into the docker container.
docker ps
>hortonworks/sandbox-proxy:1.0
>hortonworks/sandbox-hdp:3.0.1
The Kafka broker is running on port 6667 and it's working fine.
>ssh hdfs@sandbox-hdp.hortonworks.com -p 2222
> echo "send test message" | kafka-console-producer.sh --broker-list sandbox-hdp.hortonworks.com:6667 --topic hotelReservation > /dev/null
>kafka-console-consumer.sh --bootstrap-server sandbox-hdp.hortonworks.com:6667 --topic test --from-beginning
The only problem is that I don't have access to the Kafka broker outside the docker container.
More information for troubleshooting:
I verified that all the ports are open local machine -> proxy -> hdp
HDP Server:
hostname -I
172.18.0.2
netstat -vatn | grep 6667
tcp 0 0 172.18.0.2:6667 0.0.0.0:* LISTEN
Proxy Server
hostname -I
172.18.0.3
nmap 172.18.0.2 -p 6667
6667/tcp open irc
netstat -vatn | grep 6667
tcp 0 0 0.0.0.0:6667 0.0.0.0:* LISTEN
My Local machine:
nmap sandbox-hdp.hortonworks.com -p 6667
Host is up (0.000064s latency).
rDNS record for 127.0.0.1: localhost
PORT STATE SERVICE
6667/tcp open irc
Note: 6668 is open too.
Included default stream conf (/etc/nginx/conf/stream.d/tcp-hdp.conf):
server {
    listen 6668;
    proxy_pass sandbox-hdp:6667;
}
So I decided to create a new config for http: /etc/nginx/conf/stream.d/tcp-hdp.conf
server {
    listen 6667;
    server_name sandbox-hdp.hortonworks.com;
    location / {
        proxy_pass http://sandbox-hdp:6667;
    }
}
Note: I read (here) that I should use advertised.listeners to access the broker outside Docker:
>listeners=PLAINTEXT://0.0.0.0:6667
>advertised.listeners=PLAINTEXT://172.18.0.2:6667
but I'm sure that's incorrect for my case. I have access in this network; the problem is some type of Nginx mapping only.
Solution:
Run the following command to find hortonworks/sandbox-proxy container id.
docker ps
Log in to the proxy server
docker exec -it CONTAINER_ID /bin/bash
add new mapping in the nginx
cd /etc/nginx/conf.stream.d
vim tcp-hdp.conf
config:
server {
    listen 6667;
    proxy_pass sandbox-hdp:6667;
}
reload nginx mapping:
/etc/init.d/nginx reload
Test:
> ./kafka-console-consumer.sh --bootstrap-server localhost:6668 --topic topicName --from-beginning
> echo "msg" | ./kafka-console-producer.sh --broker-list sandbox-hdp.hortonworks.com:6668 --topic topicName > /dev/null
The problem was that the 6667:6667 mapping was missing. Now the brokers are accessible on both ports 6667 and 6668.

cannot connect to cassandra docker with cqlsh

I run a Cassandra Docker container:
docker pull cassandra
docker run --name cassandra -p 9042:9042 -p 9160:9160 -d cassandra
The netstat -tpln is:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 [::]:9160 [::]:* LISTEN -
tcp6 0 0 [::]:9042 [::]:* LISTEN -
Connection to C* from local cqlsh is Ok:
docker exec -it cassandra /bin/bash
#cqlsh
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.1.1 | CQL spec 3.3.1 | Native protocol v4]
Use HELP for help.
cqlsh> show host
Connected to Test Cluster at 127.0.0.1:9042.
I installed a local cqlsh:
$cqlsh --version
cqlsh 4.1.1
but I can't connect to the Docker container from localhost:
$cqlsh
Traceback (most recent call last):
File "/usr/sbin/cqlsh", line 2067, in <module>
main(*read_options(sys.argv[1:], os.environ))
. . .
File "/home/akalend/src/cqlsh_standalone/lib/thrift-python-internal-only-0.9.1.zip/thrift/transport/TSocket.py", line 103, in read
socket.error: [Errno 104] Connection reset by peer
So, I have no connection from the localhost php-driver.
How can I connect to the Cassandra Docker container with my PHP script & cqlsh?
Why does Docker map the port to tcp6 and not tcp4? (resolved)
Why does the local cqlsh (version 4.1) connect on port 9160, but the Docker container's cqlsh (version 5.0.1) connect on port 9042?
Added info
If I run the container as:
docker run --name cassandra -p 127.0.0.1:9042:9042 -p 127.0.0.1:9160:9160 -d cassandra
I have listening IPv4 ports:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9160 0.0.0.0:* LISTEN 2454/docker-proxy
tcp 0 0 127.0.0.1:9042 0.0.0.0:* LISTEN 2462/docker-proxy
but I still have no connection with cqlsh & PHP
socket.error: [Errno 104] Connection reset by peer
PHP Fatal error: Uncaught exception 'Cassandra\Exception\RuntimeException' with message 'No hosts available for the control connection' in /home/akalend/projects/test/cassa/test.php:7
Stack trace:
#0 /home/akalend/projects/test/cassa/test.php(7): Cassandra\DefaultCluster->connect('system')
#1 {main} thrown in /home/akalend/projects/test/cassa/test.php on line 7
Try to change your docker run command as :
docker pull cassandra
docker run --name cassandra -p 127.0.0.1:9042:9042 -p 127.0.0.1:9160:9160 -d cassandra
This will ensure the docker container maps to the IPv4.
9160 - Thrift client API
9042 - CQL native transport port
From your PHP application, you have to connect to the Thrift port. Please follow the example as in http://support.qualityunit.com/942764-Example-of-PHP-application-readingwriting-to-Cassandra
In the above example, for connecting to the cassandra container from the same machine where the container is running, you can still use the same TSocket('127.0.0.1', 9160).
If you plan to connect from a different machine, then you have to use TSocket('IP/Domain name', 9160) in this, the IP/ Domain name is the identifier for the machine where the docker container is running.
If your PHP application is in another docker container on the same machine, first you have to link the containers, then you can use the TSocket('alias name', 9160) in this, the alias name is the name you have for the link.
try {
// Make a connection to the Thrift interface to Cassandra
$socket = new TSocket('127.0.0.1', 9160);
