My docker container fails to communicate with the outside world no matter ports are open and network is properly set. I get ping, container is started without issues, but does not communicate over tcp. I get the error
systemd-udevd[11922]: veth09e2558: Failed to get link config: No such device
Any idea how to solve this?
Related
I have a cloudwatch agent installed in EC2 instance and also a docker image on the instance.
From the EC2 instance, I could successfully send out logs to endpoint(0.0.0.0:25888) to cloudwatch. But when I get into the docker image using docker exec -it <container id> bash, I tried to publish same logs from inside container but it failed with following error:
2861 2022-07-21 00:11:18,686 ERROR (10.0.1.124,1385:MainThread) aws_embedded_metrics.sinks.tcp_client: Failed to connect to the socket. [Errno 111] Connection refused
2862 2022-07-21 00:11:18,686 INFO (10.0.1.124,1385:MainThread) aws_embedded_metrics.sinks.agent_sink: Parsed agent endpoint (tcp) 0.0.0.0:25888
Wondering if anyone knows the root cause here or any debugging clue? Thanks in advance!
I run into this as well. My solution (workaround?) was to:
Make sure the cloudwatch agent is listening on udp://0.0.0.0:25888 and not 127.0.0.1 (the default). The CWAgent docs I have seen don't have any examples on how to achieve this.
Once inside the container, use the Docker host IP to send messages. For me this was export AWS_EMF_AGENT_ENDPOINT=udp://172.17.0.1:25888, as I was using aws-embedded-metrics-python. YMMV depending on the underlying library that you use.
I have setup a docker registry using docker-compose, largely following the recipe published by Docker here: https://docs.docker.com/registry/recipes/nginx/
Nginx and my registry start, and I am able to issue docker login from a different machine:
docker login https://myhost.mydomain.net
Once logged in I can push and pull images as expected.
Now I need a way to manage content in the remote registry. To that end, I defined a context:
docker context create myregistry-prod --docker "host=https://myhost.mydomain.net"
The command results in this message, which appears to arise during basic authentication:
error during connect: Post "http://myhost.mydomain.net/v1.24/auth": dial tcp 192.168.176.71:80: connectex: No connection could be made because the target machine actively refused it.
I assumed that a context using https would operate inside a TLS connection, so I'm surprised to see the client attempting to open port 80. By design, I have no program listening on port 80, hence the connection is refused.
Note that I am able to fetch the catalog using this URL in a browser, https://myhost.mydomain.net/v2/_catalog . The browser prompts for basic credentials, I supply them and get back the expected result. It appears that the Docker API working as expected passing through the Nginx container and being serviced by the registry container.
So, the question is, how do I go about diagnosing the issue? Did I make an error defining the context?
I'm quite sure I have a misunderstanding. This is my first attempt at docker compose and my first attempt at using nginx in front of Docker Registry. I will redact and post nginx.conf and docker-compose.yml if you need them but I am guessing it's a client-side problem. Any help you might offer will be greatly appreciated.
when i try to install a sandbox-hdp version 2.6.5 by hortonworks on docker in my system by running docker-deploy-hdp256.sh script with sh command i recived the error at the end of all the pulling and some verification checksums are done.
error:
docker: Error response from daemon: Ports are not available: listen tcp 0.0.0.0:50075: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
but i could see the container with name sandbox-hdp. so i opened it and try to run hive. but it is giving some error related to connectivity.
i need to work on hive and for that i need to get this fixed.
In this case, sometimes is hard to turn off or close a port running because some of them is used by our computer or even a range of ports is reserved randomly. So in this opportunity try to delete this port in your sandbox-proxy script because you don't need to expose all ports. Ambari-hortonworks expose a lot of ports with docker and securely you won't use all of them.
I'm new to concourse and trying to set it up in my environment. I'm running Ubuntu 18.04 on Virtualbox 6.1.4 r136177 on Windows machine. I managed to get the node running and concourse worker set up, and I was able to access my concourse dashboard successfully. The problem occurred when I was trying to run a simple hello world pipeline as outlined on this page : https://concourse-ci.org/hello-world-example.html
The error says :
[31mERRO [0m[0004] check failed: get remote image: Get https://index.docker.io/v2/: dial tcp: lookup index.docker.io on [::1]:53: read udp [::1]:55989->[::1]:53: read: connection refused
Googling for similar error indicates that virtualbox might not be able to connect to docker repository. So I proceed with installing docker to my system and run the following command :
sudo docker run hello-world
But this this time docker successfully pulled the image. So I think it is not an issue with my virtualbox. Have anyone experienced the same issue and found a solution?
UPDATES
The following question inspire me to build my own registry :
How to use a local docker image as resource in concourse-docker
I have configured my local docker registry, and have verified that it does work by pulling my image from my own registry. So I configured a simple concourse pipeline to use my registry by modifying the hello world example :
---
jobs:
- name: job
public: true
plan:
- task: simple-task
config:
platform: linux
image_resource:
type: docker-image
source:
repository: 127.0.0.1:5000/busybox
tag: latest
insecure_registries: [ "127.0.0.1:5000" ]
run:
path: echo
args: ["Hello, world!"]
But then I run into the following error :
resource script '/opt/resource/check []' failed: exit status 1
stderr:
failed to ping registry: 2 error(s) occurred:
* ping https: Get https://127.0.0.1:5000/v2: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers
* ping http: Get http://127.0.0.1:5000/v2: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers
That 127.0.0.1 is likely referring to the IP of the check container, not the machine where Concourse is running as a worker (unless you have houdini as the container strategy). Try getting the actual IP of the machine running docker and try that.
I faced the same problem. In my case, concourse worker was installed on a qemu VM inside proxmox.
When starting a job with fly-t tutorials trigger-job --job hello-world/hello-world-job --watch command (given in tutorial), worker answered ERRO[0030] checking origin busybox failed: initialize transport: Get "https://index.docker.io/v2/": dial tcp xx.xx.xx.xx:443: i/o timeout.
It means that worker can't reach any DNS server.
There are two ways to solve this problem.
First option: run everything through docker-compose. docker-compose.yml has setting for worker: CONCOURSE_GARDEN_DNS_PROXY_ENABLE: "true". And all works fine. However, I tried to specify same setting when running worker directly inside VM (without docker), and this did not fix the problem.
Second option (without docker):
Use this settings for your worker:
CONCOURSE_RUNTIME=containerd
CONCOURSE_CONTAINERD_EXTERNAL_IP=192.168.1.106
CONCOURSE_CONTAINERD_DNS_SERVER=192.168.1.1
CONCOURSE_CONTAINERD_ALLOW_HOST_ACCESS=true
CONCOURSE_CONTAINERD_DNS_PROXY_ENABLE=true
After setting these parameters my worker could see DNS server and can get access docker registry.
Replace 192.168.1.106 with your machine address in your local network. And
192.168.1.1 with your DNS server.
These parameters are documented here. Also you can get these description with concourse worker --help command.
Containerd Container Networking:
--containerd-external-ip= IP address to use to reach container's mapped ports. Autodetected if not specified. [$CONCOURSE_CONTAINERD_EXTERNAL_IP]
--containerd-dns-server= DNS server IP address to use instead of automatically determined servers. Can be specified multiple times. [$CONCOURSE_CONTAINERD_DNS_SERVER]
--containerd-restricted-network= Network ranges to which traffic from containers will be restricted. Can be specified multiple times. [$CONCOURSE_CONTAINERD_RESTRICTED_NETWORK]
--containerd-network-pool= Network range to use for dynamically allocated container subnets. (default: 10.80.0.0/16) [$CONCOURSE_CONTAINERD_NETWORK_POOL]
--containerd-mtu= MTU size for container network interfaces. Defaults to the MTU of the interface used for outbound access by the host. [$CONCOURSE_CONTAINERD_MTU]
--containerd-allow-host-access Allow containers to reach the host's network. This is turned off by default. [$CONCOURSE_CONTAINERD_ALLOW_HOST_ACCESS]
I had the same issue. Cloned this repo - https://github.com/concourse/concourse-docker
followed the directions as per the readme to generate the keys and then used the docker-compose.yml file from the clone to spin up the docker container.
I want to remove all the unwanted docker images and containers from my system's C: drive. Currently system running out of memory. I had used the commands but it's showing the following error:
error during connect: Post https://192.168.99.100:2376/v1.40/containers/prune: dial tcp 192.168.99.100:2376: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
How do I resolve it?
image1
Running docker comments require the docker daemon (service) to be running.