Why can't I lookup other container by DNS in container - docker

According to official Docker's doc, Docker will create DNS server when it started which makes it able to query other container directly by container ID or name.
containers that use a custom network use Docker’s embedded DNS server, which forwards external DNS lookups to the DNS servers configured on the host.
But when I trying to use nslookup directly in container it failed to lookup but wget still success! What makes it different?
Reproduce steps:
docker network create my-net
docker run -d --name web --network my-net httpd
docker run -it --rm --network my-net busybox
after inside busybox:
$ wget -q -O - web
<html>...some content...</html>
It works great! but use nslookup will failed:
$ nslookup web
Server: 127.0.0.11
Address: 127.0.0.11:53
Non-authoritative answer:
*** Can't find web: No answer
This is my docker's version:
$ docker version
Client: Docker Engine - Community
Version: 20.10.21
API version: 1.41
Go version: go1.19.2
Git commit: baeda1f82a
Built: Tue Oct 25 17:53:02 2022
OS/Arch: darwin/amd64
Context: colima
Experimental: true
Server:
Engine:
Version: 20.10.18
API version: 1.41 (minimum version 1.12)
Go version: go1.18.6
Git commit: e42327a6d3c55ceda3bd5475be7aae6036d02db3
Built: Sun Sep 11 07:10:00 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.6.8
GitCommit: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
runc:
Version: 1.1.4
GitCommit: 5fd4c4d144137e991c4acebb2146ab1483a97925
docker-init:
Version: 0.19.0
GitCommit:

While reproducing your issue I noticed that nslookup failed for any query (e.g., nslookup google.com also failed. Afterwards, I tried spinning up an ubuntu container on the same network and there both wget and nslookup worked fine. I do not know the exact reason why this is so, but my guess is that wget and nslookup rely on some system functionalities which are different for busybox and for ubuntu.

Related

Unable to login to docker via Ubuntu 18.04.5 LTS

I am having an issue on login to docker from my Ubuntu 18.04.5 LTS
This is the command I run to login docker
sudo docker login -u myname -p mypass
This is the error I've got
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I did searches on google and seems it is not quite a common issue to everyone.
This is my docker version
Client: Docker Engine - Community
Version: 19.03.12
API version: 1.40
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:45:36 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.12
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:44:07 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
Basically, there are what I have done so far:
run sudo docker run hello-world to verify that my docker is runner properly
Hello from Docker!
This message shows that your installation appears to be working correctly.
...
run sudo vi ~/.docker/config.json to add "HttpHeaders
{
"auths": {},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.12 (linux)"
}
}
run sudo vi /etc/docker/daemon.json to add dns then reload daemon and restar docker
{
"dns": ["8.8.8.8","8.8.4.4" ]
}
run curl https://registry-1.docker.io/v2/ and sure enough I've got this
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}
As people were talking about proxy server, I also did a test run curl https://google.com aand get respons, does it mean that my server is not reside behind a proxy?
Unfortunately, after try several combinations of above solutions, I'm still not able to login to docker.
Does anyone has any advice?

Docker swarm service environment variable is not visible within container

I am creating a docker service with an environment variable:
docker service create --env TEST=123 myservice
And I verify the environment variable was set with
$ docker service inspect myservice
...
ContainerSpec:
Env: TEST=123
...
But then the environment variable does not show up within the docker container. In particular, the code running inside the docker container prints os.Environ() and in the logs I see only the standard environment variable:
$ docker service logs myservice
[HOSTNAME=48bcddab9204 SHLVL=1 HOME=/root PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PWD=/app]
So the environment variable "TEST" is not set. How can I set up a service that defines this environment variable?
The output of docker version is
Client:
Version: 20.10.12
API version: 1.41
Go version: go1.17.5
Git commit: e91ed5707e
Built: Mon Dec 13 22:31:40 2021
OS/Arch: linux/amd64
Context: synology
Experimental: true
Server:
Engine:
Version: 20.10.3
API version: 1.41 (minimum version 1.12)
Go version: go1.15.13
Git commit: a3bc36f
Built: Thu Aug 19 07:11:25 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.4.3
GitCommit: ea3508454ff2268c32720eb4d2fc9816d6f75f88
runc:
Version: v1.0.0-rc93
GitCommit: 31cc25f16f5eba4d0f53e35374532873744f4b31
docker-init:
Version: 0.19.0
GitCommit: ed96d00
Variables should be defined in the environment when you use --env. If that's not happening, we'd need a complete example to reproduce. Here's an example showing that it works:
$ docker service create --name env-test --env TESTVAR=123 busybox tail -f /dev/null
nj9l6z57d9pviztyp9pglmv4r
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
$ docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
697c1bf221b1 busybox:latest "tail -f /dev/null" 20 seconds ago Up 19 seconds env-test.1.vlrepc8mqqvx7gysh2qsymja8
$ docker exec -it env-test.1.vlrepc8mqqvx7gysh2qsymja8 env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=697c1bf221b1
TERM=xterm
TESTVAR=123
HOME=/root

How to communicate between Docker container and Linux host over SCTP

I tried to listen to SCTP on the docker container and connect to there from the Linux host machine. But it seems the connection timed out.
Is there any way to communicate between host and container over SCTP?
FYI: It looks container-to-container SCTP communication works fine.
Detailed information is the following:
Dockerfile for test-container
FROM ubuntu:focal
RUN apt update -y && apt install -y ncat
docker run
$ sudo docker run --rm --name sctp-server -p 9999:9999/sctp test-container:latest ncat --sctp -lv 9999
SCTP request (timeout)
$ ncat --sctp 127.0.0.1 9999
Ncat: TIMEOUT.
docker version
Client: Docker Engine - Community
Version: 19.03.13
API version: 1.40
Go version: go1.13.15
Git commit: 4484c46d9d
Built: Wed Sep 16 17:02:52 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.13
API version: 1.40 (minimum version 1.12)
Go version: go1.13.15
Git commit: 4484c46d9d
Built: Wed Sep 16 17:01:20 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.3.7
GitCommit: 8fba4e9a7d01810a393d5d25a3621dc101981175
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
FYI: Container-to-Container SCTP communication (works fine)
$ sudo docker network create -d bridge sctp
$ sudo docker run --rm --name sctp-server --net=sctp sctp-test:latest ncat --sctp -lv 9999
$ sudo docker run --rm --name sctp-client --net=sctp sctp-test:latest ncat --sctp 172.18.0.2 9999
Finally, I found the cause of this problem.
The reason for the timeout is it used the same SCTP port between host and container.
When I launched a container with
different ports like sudo docker run --rm --name sctp-server -p 19999:9999/sctp test-container:latest ncat --sctp -lv 9999 and run ncat --sctp 127.0.0.1 19999 on the host machine, it worked fine.
I'm not confident but I suspect the behavior of iptables.

Docker host network container service access under Windows

If I run docker container using the host network (--network host), for any services running in the container their exposed port can be directly accessed from host right?
I always thought so until I'm running docker container using the host network under Windows --
The ip a s eth0 shows that my container IP address is 192.168.65.3
The route | awk '/^default/ { print $2 }' gives 192.168.65.1
However, my host machine has an IP of 10.66.xx.xx
I.e., the container IP address and host IP are completely different. Unlike what the https://www.metricfire.com/blog/understanding-dockers-net-host-option/ says.
Anyway, if I'm running any services in the container, how to expose their port so that they can be directly accessed from host? (I thought with host network (--network host), you no longer need to map port from container to host)
thx
docker version
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:23:10 2020
OS/Arch: windows/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:29:16 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
Host networking is not supported on Windows:
The host networking driver only works on Linux hosts, and is not supported on Docker Desktop for Mac, Docker Desktop for Windows, or Docker EE for Windows Server.
https://docs.docker.com/network/network-tutorial-host/
I would suggest trying the -p option to docker run, since that is supported on Windows.
Alternately, one forum user suggests using VirtualBox in bridged mode to install Linux, which can then use host networking. YMMV.

Metabase on docker not getting exposed

I'm having some trouble trying to get metabase running on docker.
I've installed Docker for Windows 7 following this tutotial.
Here is the docker version:
Client:
Version: 18.03.0-ce
API version: 1.37
Go version: go1.9.4
Git commit: 0520e24302
Built: Fri Mar 23 08:31:36 2018
OS/Arch: windows/amd64
Experimental: false
Orchestrator: swarm
Server:
Engine:
Version: 18.05.0-ce
API version: 1.37 (minimum version 1.12)
Go version: go1.10.1
Git commit: f150324
Built: Wed May 9 22:20:42 2018
OS/Arch: linux/amd64
Experimental: false
Now when I try to get the metabase running on docker, using
docker run -d -p 3000:3000 --name metabase metabase/metabase
and using
docker logs -f metabase
I get the message after all the setup:
Metabase Initialization COMPLETE
The problem is when I try to access http://0.0.0.0:3000 I get a ERR_ADDRESS_INVALID. I looked for all the ports that are "LISTENING" using
netstat -aon | find /i "listening"
I don't see the 0.0.0.0:3000 listed there.
Docker ps returns:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6a283cf6b8d7 metabase/metabase "/app/run_metabase.sh" 4 hours ago Up 4 hours 0.0.0.0:3000->3000/tcp metabase
I'm not sure if this is a problem with metabase image or with docker itself.
Does anyone have an idea on what this could be?
This 0.0.0.0 is not a valid IP address, but a non-routable meta-address
Your application is reachable on your machines IP address / hostname on port 3000.
If you are unsure, what your hostname is, you can run in powershell;
hostname
And then access it using http://your_hostname:3000

Resources