BUG REPORT INFORMATION
Description
Cannot ping docker-compose service from within a container on Windows 10.
Pinging the IP address of that service works.
Steps to reproduce the issue:
1 Create docker-compose-quick-servers.yml with the following content
version: '3.4'
services:
server1:
image: mcr.microsoft.com/windows/nanoserver
container_name: Server_1
entrypoint: ping -t localhost
server2:
image: mcr.microsoft.com/windows/nanoserver
container_name: Server_2
entrypoint: ping -t localhost
networks:
default:
external:
name: nat
2 Run the docker containers: docker-compose -f .\docker-compose-quick-servers.yml up -d
3 Ping the other docker-compose service: docker exec Server_1 ping server2
Describe the results you received:
The ping fail. The same operation with the second service IP address works fine.
Describe the results you expected:
We should be able to ping services using its defined name.
Additional information you deem important (e.g. issue happens only occasionally):
It works fine in our prod environment (on Windows Server 2016).
Output of docker version:
Client: Docker Engine - Community
Version: 18.09.2
API version: 1.39
Go version: go1.10.8
Git commit: 6247962
Built: Sun Feb 10 04:12:31 2019
OS/Arch: windows/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.2
API version: 1.39 (minimum version 1.24)
Go version: go1.10.6
Git commit: 6247962
Built: Sun Feb 10 04:28:48 2019
OS/Arch: windows/amd64
Experimental: false
Output of docker info:
Containers: 2
Running: 2
Paused: 0
Stopped: 0
Images: 9
Server Version: 18.09.2
Storage Driver: windowsfilter
Windows:
Logging Driver: json-file
Plugins:
Volume: local
Network: ics l2bridge l2tunnel nat null overlay transparent
Log: awslogs etwlogs fluentd gelf json-file local logentries splunk syslog
Swarm: inactive
Default Isolation: hyperv
Kernel Version: 10.0 17134 (17134.1.amd64fre.rs4_release.180410-1804)
Operating System: Windows 10 Enterprise Version 1803 (OS Build 17134.706)
OSType: windows
Architecture: x86_64
CPUs: 8
Total Memory: 15.93GiB
Name: H198818
ID: HOKO:5CAS:SIQ2:SCLD:3TB7:A6GG:EH5X:763G:CBV5:UQMJ:BGSO:PF2Y
Docker Root Dir: E:\ProgramData\Docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: -1
Goroutines: 36
System Time: 2019-04-18T15:33:25.7898496-04:00
EventsListeners: 1
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
docker inspect for both containers
container 1
[
{
"Id": "a187264b5df41392b85a6b0d465af14e0dae699893aa2bd7d325d3638ca37280",
"Created": "2019-07-19T15:41:58.0571535Z",
"Path": "ping",
"Args": [
"-t",
"localhost"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1180,
"ExitCode": 0,
"Error": "",
"StartedAt": "2019-07-22T13:10:28.0169558Z",
"FinishedAt": "2019-07-20T03:42:53.7800119-04:00"
},
"Image": "sha256:cf751d69394af7dc72bd2a251b5f206c623d58ad3c227b4eb38b7f78695fd6c6",
"ResolvConfPath": "",
"HostnamePath": "",
"HostsPath": "",
"LogPath": "C:\\ProgramData\\Docker\\containers\\a187264b5df41392b85a6b0d465af14e0dae699893aa2bd7d325d3638ca37280\\a187264b5df41392b85a6b0d465af14e0dae699893aa2bd7d325d3638ca37280-json.log",
"Name": "/Server_2",
"RestartCount": 0,
"Driver": "windowsfilter",
"Platform": "windows",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "nat",
"PortBindings": {},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": [],
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 0,
"ConsoleSize": [
0,
0
],
"Isolation": "hyperv",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DeviceCgroupRules": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": null,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": null,
"ReadonlyPaths": null
},
"GraphDriver": {
"Data": {
"dir": "C:\\ProgramData\\Docker\\windowsfilter\\a187264b5df41392b85a6b0d465af14e0dae699893aa2bd7d325d3638ca37280"
},
"Name": "windowsfilter"
},
"Mounts": [],
"Config": {
"Hostname": "a187264b5df4",
"Domainname": "",
"User": "ContainerUser",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": null,
"Image": "mcr.microsoft.com/windows/nanoserver:1809",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"ping",
"-t",
"localhost"
],
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "be02643ae0be24af8c209ead0232c7c323bce17485989dc12dfc691d5d5ec1b6",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "temp",
"com.docker.compose.service": "server2",
"com.docker.compose.version": "1.23.2"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "a187264b5df41392b85a6b0d465af14e0dae699893aa2bd7d325d3638ca37280",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "a187264b5df41392b85a6b0d465af14e0dae699893aa2bd7d325d3638ca37280",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"nat": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"server2",
"a187264b5df4"
],
"NetworkID": "a8c298597e4971959a217132aaf2521cdc5d0b3ce887580ad4239dce75f7e697",
"EndpointID": "edbb8a518b5be347f2c600864838bc850d8951a1e09a78b97f0fd0d67bf7a5d1",
"Gateway": "172.30.48.1",
"IPAddress": "172.30.57.127",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "00:15:5d:53:a2:da",
"DriverOpts": null
}
}
}
}
]
container 2
[
{
"Id": "dca6e1b6e86c9e888f0c817c8f5677f6e9d1513ee67715b77f5ca134811ee2c0",
"Created": "2019-07-19T15:41:58.0571535Z",
"Path": "ping",
"Args": [
"-t",
"localhost"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1172,
"ExitCode": 0,
"Error": "",
"StartedAt": "2019-07-22T13:10:28.0179564Z",
"FinishedAt": "2019-07-20T03:42:53.7730133-04:00"
},
"Image": "sha256:cf751d69394af7dc72bd2a251b5f206c623d58ad3c227b4eb38b7f78695fd6c6",
"ResolvConfPath": "",
"HostnamePath": "",
"HostsPath": "",
"LogPath": "C:\\ProgramData\\Docker\\containers\\dca6e1b6e86c9e888f0c817c8f5677f6e9d1513ee67715b77f5ca134811ee2c0\\dca6e1b6e86c9e888f0c817c8f5677f6e9d1513ee67715b77f5ca134811ee2c0-json.log",
"Name": "/Server_1",
"RestartCount": 0,
"Driver": "windowsfilter",
"Platform": "windows",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "nat",
"PortBindings": {},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": [],
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 0,
"ConsoleSize": [
0,
0
],
"Isolation": "hyperv",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DeviceCgroupRules": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": null,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": null,
"ReadonlyPaths": null
},
"GraphDriver": {
"Data": {
"dir": "C:\\ProgramData\\Docker\\windowsfilter\\dca6e1b6e86c9e888f0c817c8f5677f6e9d1513ee67715b77f5ca134811ee2c0"
},
"Name": "windowsfilter"
},
"Mounts": [],
"Config": {
"Hostname": "dca6e1b6e86c",
"Domainname": "",
"User": "ContainerUser",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": null,
"Image": "mcr.microsoft.com/windows/nanoserver:1809",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"ping",
"-t",
"localhost"
],
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "39e91b8015a79dda2357d7e1af47455981a66b7d56d23b397d649f096e1b93f1",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "temp",
"com.docker.compose.service": "server1",
"com.docker.compose.version": "1.23.2"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "dca6e1b6e86c9e888f0c817c8f5677f6e9d1513ee67715b77f5ca134811ee2c0",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "dca6e1b6e86c9e888f0c817c8f5677f6e9d1513ee67715b77f5ca134811ee2c0",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"nat": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"server1",
"dca6e1b6e86c"
],
"NetworkID": "a8c298597e4971959a217132aaf2521cdc5d0b3ce887580ad4239dce75f7e697",
"EndpointID": "8825f5c168aeb39a022de1ab4cc0f0f5bdc5a1938d490a40d476182d96904791",
"Gateway": "172.30.48.1",
"IPAddress": "172.30.56.75",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "00:15:5d:53:ad:eb",
"DriverOpts": null
}
}
}
}
]
Docker CE is not recommended for Windows Server. Use Docker EE Basic, it's free for Windows Servers.
Update:
In general your configuration looks ok... aliases are set, but from the ping output I see it's not a problem of pinging, but dns resolution. Second container is using some external dns to resolve server1 instead using docker internal dns.
There's a similar bug report touching docker dns resolution for windows containers: https://github.com/docker/for-win/issues/1976
This might be your case.
As temporary solution I'd recommend you to set up dns resolvers in containers to default docker dns at 127.0.0.11 (https://docs.docker.com/v17.09/engine/userguide/networking/configure-dns/)
update 2:
I reproduced on Win1809 and it works for me:
PS E:\workspace\docker-test> docker-compose up -d
Pulling server1 (mcr.microsoft.com/windows/nanoserver:1809)...
1809: Pulling from windows/nanoserver
58fd16eaae0b: Pull complete
Pulling server2 (mcr.microsoft.com/windows/nanoserver:1809)...
1809: Pulling from windows/nanoserver
Creating Server_1 ... done
Creating Server_2 ... done
PS E:\workspace\docker-test> docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0628c2fd7106 mcr.microsoft.com/windows/nanoserver:1809 "ping -t localhost" 12 seconds ago Up 6 seconds Server_1
8e52138080f2 mcr.microsoft.com/windows/nanoserver:1809 "ping -t localhost" 12 seconds ago Up 6 seconds Server_2
PS E:\workspace\docker-test> docker exec Server_2 ping Server_1
Pinging Server_1 [172.27.195.21] with 32 bytes of data:
Reply from 172.27.195.21: bytes=32 time<1ms TTL=128
Reply from 172.27.195.21: bytes=32 time=5ms TTL=128
PS E:\workspace\docker-test> docker exec Server_1 ping Server_2
Pinging Server_2 [172.27.193.166] with 32 bytes of data:
Reply from 172.27.193.166: bytes=32 time<1ms TTL=128
Reply from 172.27.193.166: bytes=32 time=1ms TTL=128
PS E:\workspace\docker-test> docker exec Server_2 ping server1
Pinging server1 [172.27.195.21] with 32 bytes of data:
Reply from 172.27.195.21: bytes=32 time=1ms TTL=128
Reply from 172.27.195.21: bytes=32 time=2ms TTL=128
PS E:\workspace\docker-test> docker exec Server_1 ping server2
Pinging server2 [172.27.193.166] with 32 bytes of data:
Reply from 172.27.193.166: bytes=32 time<1ms TTL=128
Reply from 172.27.193.166: bytes=32 time=4ms TTL=128
Related
I have an error that only happens when I run docker compose up on one of my docker compose files and not the other, even though the services named "proxy" in which the error occurs are identical.
When I run docker compose -f docker-compose-v1.yml up -d the containers start without issue but on inspection the container named github_proxy_1 has no mounts.
If I run docker-compose -f docker-compose-v2.yml up -d the containers start without issue and on inspection the container named github_proxy_1 has mounts.
The proxy services are based on traefik windows images. I have read that many have had issues with binding volumes so that traefik can communicate with the underlying host, but the weird thing is that it works flawlessly in one setup but not the other.
Below are my docker version info, docker compose files, the results when inspecting the containers (showing the difference in mounts), and the error message from the container log shown in Docker Desktop.
Why does one proxy container manage to populate mounts while the other doesn't?
Thanks in advance!
docker version
Client:
Cloud integration: 1.0.14
Version: 20.10.6
API version: 1.41
Go version: go1.16.3
Git commit: 370c289
Built: Fri Apr 9 22:49:36 2021
OS/Arch: windows/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.6
API version: 1.41 (minimum version 1.24)
Go version: go1.13.15
Git commit: 8728dd2
Built: Fri Apr 9 22:45:40 2021
OS/Arch: windows/amd64
Experimental: false
docker-compose-v1.yml
version: "3.7"
services:
s4-web:
image: s4admin:484-2
build:
context: .
dockerfile: S4/Admin/Dockerfile
labels:
- "traefik.enable=true"
- "traefik.http.routers.web.rule=PathPrefix(`/`)"
networks:
- sg-net
proxy:
image: traefik:v2.3-windowsservercore-1809
command:
- "--providers.docker"
- "--providers.docker.endpoint=npipe:////./pipe/docker_engine"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=sg-net"
- "--entrypoints.web.address=:80"
- "--api.insecure=true"
ports:
- "8080:80"
- "8088:8080"
volumes:
- type: npipe
source: \\.\pipe\docker_engine
target: \\.\pipe\docker_engine
networks:
- sg-net
networks:
sg-net:
docker-compose-v2.yml
version: "3.7"
services:
signup-web:
image: signup-web:02-06
build:
context: ../..
dockerfile: docker/02-06-platform-integration/signup-web/v6/Dockerfile
environment:
- Dependencies:IReferenceDataLoader=SignUp.Web.ReferenceData.ApiReferenceDataLoader
- ReferenceDataApi:Url=http://reference-data-api/api
- Dependencies:IProspectSaveHandler=SignUp.Web.ProspectSave.AsynchronousProspectSaveHandler
- MessageQueue:Url=nats://${HOST_IP}:4222
labels:
- "traefik.enable=true"
- "traefik.http.routers.web.rule=PathPrefix(`/`)"
networks:
- signup-net
proxy:
image: traefik:v2.3-windowsservercore-1809
command:
- "--providers.docker"
- "--providers.docker.endpoint=npipe:////./pipe/docker_engine"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=signup-net"
- "--entrypoints.web.address=:80"
- "--api.insecure=true"
ports:
- "8080:80"
- "8088:8080"
volumes:
- type: npipe
source: \\.\pipe\docker_engine
target: \\.\pipe\docker_engine
networks:
- signup-net
networks:
signup-net:
Result from docker inspect github_proxy_1 showing no mounts:
[
{
"Id": "507bb53f9f7c772221ef858464877d310c4ab48a100f86e49b5e248de67c5921",
"Created": "2021-05-28T07:49:16.3839919Z",
"Path": "/traefik",
"Args": [
"--providers.docker",
"--providers.docker.endpoint=npipe:////./pipe/docker_engine",
"--providers.docker.exposedbydefault=false",
"--providers.docker.network=sg-net",
"--entrypoints.web.address=:80",
"--api.insecure=true"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1312,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-05-28T07:49:22.9474168Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:0011bc7c1cd89741d499d69fe62ed8c50b251d90bb3dd01350d6f945dace6e89",
"ResolvConfPath": "",
"HostnamePath": "",
"HostsPath": "",
"LogPath": "C:\\ProgramData\\Docker\\containers\\507bb53f9f7c772221ef858464877d310c4ab48a100f86e49b5e248de67c5921\\507bb53f9f7c772221ef858464877d310c4ab48a100f86e49b5e248de67c5921-json.log",
"Name": "/github_proxy_1",
"RestartCount": 0,
"Driver": "windowsfilter",
"Platform": "windows",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "github_sg-net",
"PortBindings": {
"80/tcp": [
{
"HostIp": "",
"HostPort": "8080"
}
],
"8080/tcp": [
{
"HostIp": "",
"HostPort": "8088"
}
]
},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": [],
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "",
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 0,
"ConsoleSize": [
0,
0
],
"Isolation": "hyperv",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": null,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": null,
"ReadonlyPaths": null
},
"GraphDriver": {
"Data": {
"dir": "C:\\ProgramData\\Docker\\windowsfilter\\507bb53f9f7c772221ef858464877d310c4ab48a100f86e49b5e248de67c5921"
},
"Name": "windowsfilter"
},
"Mounts": [],
"Config": {
"Hostname": "507bb53f9f7c",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"ExposedPorts": {
"80/tcp": {},
"8080/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": [
"--providers.docker",
"--providers.docker.endpoint=npipe:////./pipe/docker_engine", "--providers.docker.exposedbydefault=false",
"--providers.docker.network=sg-net",
"--entrypoints.web.address=:80",
"--api.insecure=true"
],
"Image": "sha256:0011bc7c1cd89741d499d69fe62ed8c50b251d90bb3dd01350d6f945dace6e89",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/traefik"
],
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "ef67d49c829762590f72bf6caa8e34327f9b86915e9e985c9d2fa43177457894",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "github",
"com.docker.compose.project.config_files": "C:\\Dev\\Projects\\SurveyGenerator\\github\\docker-compose-s4.yml",
"com.docker.compose.project.working_dir": "C:\\Dev\\Projects\\SurveyGenerator\\github",
"com.docker.compose.service": "proxy",
"com.docker.compose.version": "1.0-alpha",
"org.opencontainers.image.description": "A modern reverse-proxy",
"org.opencontainers.image.documentation": "https://docs.traefik.io",
"org.opencontainers.image.title": "Traefik",
"org.opencontainers.image.url": "https://traefik.io",
"org.opencontainers.image.vendor": "Traefik Labs",
"org.opencontainers.image.version": "v2.3.7"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "507bb53f9f7c772221ef858464877d310c4ab48a100f86e49b5e248de67c5921",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8080"
}
],
"8080/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8088"
}
]
},
"SandboxKey": "507bb53f9f7c772221ef858464877d310c4ab48a100f86e49b5e248de67c5921",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"github_sg-net": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"proxy",
"github_proxy_1",
"507bb53f9f7c"
],
"NetworkID": "2e5931b8cba8fdd1b2b4e547089c21b85570450437599d13e8af3888263d22e3",
"EndpointID": "87d39c2b7cc69b3090026f8395312704e684d7fb925410895dca1a007473ee41",
"Gateway": "172.27.160.1",
"IPAddress": "172.27.163.11",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "00:15:5d:46:69:3c",
"DriverOpts": null
}
}
}
}
]
Result from docker inspect github_proxy_1 where mounts has values:
[
{
"Id": "a81aae03a323b5efd37f80656dccab0bd102aa903d34803554456f0661c22c99",
"Created": "2021-05-28T08:21:05.6675713Z",
"Path": "/traefik",
"Args": [
"--providers.docker",
"--providers.docker.endpoint=npipe:////./pipe/docker_engine",
"--providers.docker.exposedbydefault=false",
"--providers.docker.network=signup-net",
"--entrypoints.web.address=:80",
"--api.insecure=true"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1328,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-05-28T08:21:10.4771044Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:0011bc7c1cd89741d499d69fe62ed8c50b251d90bb3dd01350d6f945dace6e89",
"ResolvConfPath": "",
"HostnamePath": "",
"HostsPath": "",
"LogPath": "C:\\ProgramData\\Docker\\containers\\a81aae03a323b5efd37f80656dccab0bd102aa903d34803554456f0661c22c99\\a81aae03a323b5efd37f80656dccab0bd102aa903d34803554456f0661c22c99-json.log",
"Name": "/03_proxy_1",
"RestartCount": 0,
"Driver": "windowsfilter",
"Platform": "windows",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "03_signup-net",
"PortBindings": {
"80/tcp": [
{
"HostIp": "",
"HostPort": "8080"
}
],
"8080/tcp": [
{
"HostIp": "",
"HostPort": "8088"
}
]
},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": [],
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "",
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 0,
"ConsoleSize": [
0,
0
],
"Isolation": "hyperv",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": null,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"Mounts": [
{
"Type": "npipe",
"Source": "\\\\.\\pipe\\docker_engine",
"Target": "\\\\.\\pipe\\docker_engine"
}
],
"MaskedPaths": null,
"ReadonlyPaths": null
},
"GraphDriver": {
"Data": {
"dir": "C:\\ProgramData\\Docker\\windowsfilter\\a81aae03a323b5efd37f80656dccab0bd102aa903d34803554456f0661c22c99"
},
"Name": "windowsfilter"
},
"Mounts": [
{
"Type": "npipe",
"Source": "\\\\.\\pipe\\docker_engine",
"Destination": "\\\\.\\pipe\\docker_engine",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "a81aae03a323",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {},
"8080/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": [
"--providers.docker",
"--providers.docker.endpoint=npipe:////./pipe/docker_engine",
"--providers.docker.exposedbydefault=false",
"--providers.docker.network=signup-net",
"--entrypoints.web.address=:80",
"--api.insecure=true"
],
"Image": "traefik:v2.3-windowsservercore-1809",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/traefik"
],
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "53f350716aad96821fea12154c09bf70e538394230171e0139d28b0ea8b6a2c6",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "03",
"com.docker.compose.project.config_files": "app\\03\\v7-windows.yml",
"com.docker.compose.project.working_dir": "C:\\Dev\\Projects\\docker4dotnet\\app\\03",
"com.docker.compose.service": "proxy",
"com.docker.compose.version": "1.29.1",
"org.opencontainers.image.description": "A modern reverse-proxy",
"org.opencontainers.image.documentation": "https://docs.traefik.io",
"org.opencontainers.image.title": "Traefik",
"org.opencontainers.image.url": "https://traefik.io",
"org.opencontainers.image.vendor": "Traefik Labs",
"org.opencontainers.image.version": "v2.3.7"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "a81aae03a323b5efd37f80656dccab0bd102aa903d34803554456f0661c22c99",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8080"
}
],
"8080/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8088"
}
]
},
"SandboxKey": "a81aae03a323b5efd37f80656dccab0bd102aa903d34803554456f0661c22c99",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"03_signup-net": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"a81aae03a323",
"proxy"
],
"NetworkID": "1a464d92f0625acd600391c7b2204d33e54cb94b1bf4a098ca0a48e5f4067edc",
"EndpointID": "fde1dace014a898a4cee3fb624ce1a1ec74f87a565b3cb4696e895037774e57d",
"Gateway": "172.29.0.1",
"IPAddress": "172.29.12.143",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "00:15:5d:2f:e3:79",
"DriverOpts": null
}
}
}
}
]
Logged error message in docker desktop for the github_proxy_1 container without mounts:
time="2021-05-28T09:49:25+02:00" level=error msg="Failed to retrieve information of the docker client and server host: error during connect: This error may indicate that the docker daemon is not running.: Get \"http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/version\": open //./pipe/docker_engine: The system cannot find the file specified." providerName=docker
time="2021-05-28T09:49:25+02:00" level=error msg="Provider connection error error during connect: This error may indicate that the docker daemon is not running.: Get \"http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/version\": open //./pipe/docker_engine: The system cannot find the file specified., retrying in 552.330144ms" providerName=docker
So I found the problem. I was using docker-compose (using the docker-compose binary) for the compose that worked and docker compose for the one that didn't.
The question remains why one works and the other doesn't, what is the difference of running docker-compose vs docker compose? Does it perhaps somehow have to do with permissions?
I am learning Docker. I have installed Docker for Windows. I have created the container for nginx and am trying to access the container using the published port but I am unable to access the same. However, if I use port 80 then I am able to access the application.
http://localhost:80 works and shows me the default nginx page
http://localhost:5000 doesnt works and prints following:
This page isn’t workinglocalhost didn’t send any data.
ERR_EMPTY_RESPONSE
Also, the network tab in browser (Chrome) developer console doesnt show any response or error
My OS: Windows 10 Pro
Client: Docker Engine - Community
Cloud integration: 1.0.7
Version: 20.10.2
API version: 1.41
Go version: go1.13.15
Git commit: 2291f61
Built: Mon Dec 28 16:14:16 2020
OS/Arch: windows/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.2
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 8891c58
Built: Mon Dec 28 16:15:28 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.3
GitCommit: 269548fa27e0089a8b8278fc4fc781d7f65a939b
runc:
Version: 1.0.0-rc92
GitCommit: ff819c7e9184c13b7c2607fe6c30ae19403a7aff
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Command used for creating container: docker container run -d --name nginx --publish 5000:5000 nginx
docker container ls output
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f59516a3e4f7 nginx "/docker-entrypoint.…" 4 hours ago Up 4 hours 80/tcp, 0.0.0.0:5000->5000/tcp nginx
docker container inspect command:
[
{
"Id": "f59516a3e4f75c61b92479f965043e90a711fb193e443b734e05bcd42ad4d0ba",
"Created": "2021-02-08T07:19:20.2360384Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 983,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-02-08T07:19:24.5867104Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:f6d0b4767a6c466c178bf718f99bea0d3742b26679081e52dbf8e0c7c4c42d74",
"ResolvConfPath": "/var/lib/docker/containers/f59516a3e4f75c61b92479f965043e90a711fb193e443b734e05bcd42ad4d0ba/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/f59516a3e4f75c61b92479f965043e90a711fb193e443b734e05bcd42ad4d0ba/hostname",
"HostsPath": "/var/lib/docker/containers/f59516a3e4f75c61b92479f965043e90a711fb193e443b734e05bcd42ad4d0ba/hosts",
"LogPath": "/var/lib/docker/containers/f59516a3e4f75c61b92479f965043e90a711fb193e443b734e05bcd42ad4d0ba/f59516a3e4f75c61b92479f965043e90a711fb193e443b734e05bcd42ad4d0ba-json.log",
"Name": "/nginx",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {
"5000/tcp": [
{
"HostIp": "",
"HostPort": "5000"
}
]
},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
49,
190
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/a67b581e2118bfaeb9a069c638ff42f71acf47fd265b01354e220c483ff9cf71-init/diff:/var/lib/docker/overlay2/61d9567cb18bc9696a1c664ebf3825a418a9aff6c5aa2c0fabc953123431fa34/diff:/var/lib/docker/overlay2/2be9c39bd291d94c4c1d5988983962b9962c9b20cf1fa234ab03207cdad4fff8/diff:/var/lib/docker/overlay2/24572164f0e4eee1986a390325efa605d0479adf33dd98fee68664c36e6367c7/diff:/var/lib/docker/overlay2/874dc0dce371b28125310174ec54ae62cfce0d19966182d80ad614f160107c7a/diff:/var/lib/docker/overlay2/65ff43934235a5e51dd723ee580dfb1aaa83bf78f20e841593e75cb24018b3da/diff",
"MergedDir": "/var/lib/docker/overlay2/a67b581e2118bfaeb9a069c638ff42f71acf47fd265b01354e220c483ff9cf71/merged",
"UpperDir": "/var/lib/docker/overlay2/a67b581e2118bfaeb9a069c638ff42f71acf47fd265b01354e220c483ff9cf71/diff",
"WorkDir": "/var/lib/docker/overlay2/a67b581e2118bfaeb9a069c638ff42f71acf47fd265b01354e220c483ff9cf71/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "f59516a3e4f7",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"5000/tcp": {},
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.19.6",
"NJS_VERSION=0.5.0",
"PKG_RELEASE=1~buster"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "nginx",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers \u003cdocker-maint#nginx.com\u003e"
},
"StopSignal": "SIGQUIT"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "626e30b7e55d09190c8d1856ee22a5631cccd77b11dfc7833f790d657ff34a49",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"5000/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "5000"
}
],
"80/tcp": null
},
"SandboxKey": "/var/run/docker/netns/626e30b7e55d",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "e5b1acbe55d056354dcd377ea42c33a4acc37229af589da9fbf0ba70e812b3ea",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:03",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "eab20a894f1a3dfef855ac020cb83389f7e1b2b77b0ba25a3268db90c55a5a30",
"EndpointID": "e5b1acbe55d056354dcd377ea42c33a4acc37229af589da9fbf0ba70e812b3ea",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:03",
"DriverOpts": null
}
}
}
}
]
Output of nestat -ao in windows just to see if ports are not available
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 DESKTOP-FUFQTFP:0 LISTENING 9276
TCP 0.0.0.0:135 DESKTOP-FUFQTFP:0 LISTENING 616
TCP 0.0.0.0:445 DESKTOP-FUFQTFP:0 LISTENING 4
TCP 0.0.0.0:2179 DESKTOP-FUFQTFP:0 LISTENING 2196
TCP 0.0.0.0:3000 DESKTOP-FUFQTFP:0 LISTENING 9276
TCP 0.0.0.0:4000 DESKTOP-FUFQTFP:0 LISTENING 9276
TCP 0.0.0.0:5000 DESKTOP-FUFQTFP:0 LISTENING 9276
DESKTOP-FUFQTFP is something I can see in Hyper V-Manager
I have gone through several posts and tried commands like docker container run -d --name nginx -p 0.0.0.0:5000:5000 nginx
but it didnt work
I also tried the same for images of httpd and docker/getting-started image but all are having the same issue.
I am clueless.
Issue with command in your example is that you're mapping local port 5000 to port 5000 in container (nothing listening on it).
Thy this: docker container run -d --name nginx --publish 5000:80 nginx
Here port 5000 on your host is getting mapped (bound) to port 80 in the container.
This is my information:
➜ ~ docker -v
Docker version 19.03.5, build 633a0ea
➜ ~ uname -ar
Darwin Felixs-iMac.local 19.2.0 Darwin Kernel Version 19.2.0: Sat Nov 9 03:47:04 PST 2019; root:xnu-6153.61.1~20/RELEASE_X86_64 x86_64
when I create a docker with host network mode like this (which is copied from https://docs.docker.com/network/network-tutorial-host/)
docker run --rm -d --network host --name my_nginx nginx
It worked well and I can see the docker is running.
BUT THE PROBLEM IS the port isn't exposed.
when i check with lsof -i:80, there's nothing.
➜ ~ docker run --rm -d --network host --name my_nginx nginx
282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d
➜ ~ lsof -i:80
➜ ~ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
282fe15a16b7 nginx "nginx -g 'daemon of…" About a minute ago Up About a minute
And i inspected the container, everything seems good:
➜ ~ docker inspect my_nginx
[
{
"Id": "282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d",
"Created": "2020-02-26T15:35:58.243963941Z",
"Path": "nginx",
"Args": [
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 2238,
"ExitCode": 0,
"Error": "",
"StartedAt": "2020-02-26T15:35:58.39452216Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:2073e0bcb60ee98548d313ead5eacbfe16d9054f8800a32bedd859922a99a6e1",
"ResolvConfPath": "/var/lib/docker/containers/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d/hostname",
"HostsPath": "/var/lib/docker/containers/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d/hosts",
"LogPath": "/var/lib/docker/containers/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d-json.log",
"Name": "/my_nginx",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "host",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": true,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/062cb6ccb41fb22ba624fb8f93e99e79bcf02cd240fbb4998e47aab1380e015f-init/diff:/var/lib/docker/overlay2/587f9f458f8f0de65434971354636364ff685701fa1f8ba0ba7da4459e22540c/diff:/var/lib/docker/overlay2/1a94586d0949b8305ac14f0934a46149b31db3eb6e7125d7b2965deef318695d/diff:/var/lib/docker/overlay2/ac900d4637ed15f3337e999928ec2a9de2ef4a998f4ce53700a1dffc955d5f0e/diff",
"MergedDir": "/var/lib/docker/overlay2/062cb6ccb41fb22ba624fb8f93e99e79bcf02cd240fbb4998e47aab1380e015f/merged",
"UpperDir": "/var/lib/docker/overlay2/062cb6ccb41fb22ba624fb8f93e99e79bcf02cd240fbb4998e47aab1380e015f/diff",
"WorkDir": "/var/lib/docker/overlay2/062cb6ccb41fb22ba624fb8f93e99e79bcf02cd240fbb4998e47aab1380e015f/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "docker-desktop",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.17.8",
"NJS_VERSION=0.3.8",
"PKG_RELEASE=1~buster"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "nginx",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint#nginx.com>"
},
"StopSignal": "SIGTERM"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "be4dc476e331bb8ac857ec069d0aa8383d7700ba5b917c0fed44c59d0b042c99",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/default",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"host": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "56456bd40ca98647fed01509408599accfadc7cb0f0077ea884b18fc009801b5",
"EndpointID": "e3e870245e2995fbfbae8706fa2daa19f3bf3d59d11d2f8ce2300f2b84b211e0",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
}
}
]
Anybody can help me ?
If you're using MacOS, then host network mode will not work on it, the reason for that is that docker-desktop uses an underlying Linux Virtual Machine to run the docker containers, so this host mode is only valid for that VM's network and not for the host(MacOS machine).
Still if you want to access a service running on your host machine(MacOS), from your docker container then you need to use the following hostname in order to connect to that service:
host.docker.internal
You'll be using the above hostname in place of localhost or 127.0.0.1.
For further discussion regarding this you check this github issue
I would like to get the docker container name from within a container. I need this information because I am running a script from the Dockerfile as an ENTRYPOINT that needs to know the node number. I am using the --scale with docker-compose to create a cluster of my image.
I am able to get the hostname of the container which is the container ID. But is there a way to get the container name from inside the container?
Docker remote apis should work for you.
Depending on the version of your docker used appropriate version of remote api. Check this for more info.
I made use of container-inspect api to retrieve the container name.
Follow these steps:
Figure out on which port docker daemon is listening. In my case it was 2375 which is the default port.
$ netstat -anp | grep dockerd
tcp 0 0 :::2375 :::* LISTEN 7/dockerd
tcp 0 0 ::ffff:172.18.0.110:2375 ::ffff:172.18.0.1:29445 ESTABLISHED 7/dockerd
unix 2 [ ACC ] STREAM LISTENING 1242188041 7/dockerd /var/run/docker/metrics.sock
unix 2 [ ACC ] STREAM LISTENING 1242187193 7/dockerd /var/run/docker.sock
unix 2 [ ACC ] STREAM LISTENING 1242186375 7/dockerd /var/run/docker/libnetwork/79ba9bb412445c757dd4cc2fc30c1cbc7efde8482bdc4c1cf15c4ce0e4190752.sock
unix 3 [ ] STREAM CONNECTED 1242187211 7/dockerd
unix 3 [ ] STREAM CONNECTED 1242183625 7/dockerd
unix 3 [ ] STREAM CONNECTED 1242184185 7/dockerd
Run a container and retrieve the container name.
$ docker run -it alpine sh
/ # apk update
/ # apk add curl
/ # apk add jq
/ # curl -s 192.168.0.37:2375/containers/$HOSTNAME/json | jq -r ".Name"
/zen_wescoff
NOTE: Here 192.168.0.37 is the ip of my machine. Also apart from container name you can retrieve lot of information using these docker remote apis.
Sample full output of container-inspect api
/ # curl -s 192.168.0.37:2375/containers/$HOSTNAME/json?pretty=true
{
"Id": "3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9",
"Created": "2019-06-20T09:09:51.258807808Z",
"Path": "sh",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 3824,
"ExitCode": 0,
"Error": "",
"StartedAt": "2019-06-20T09:09:53.341188978Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:4d90542f0623c71f1f9c11be3da23167174ac9d93731cf91912922e916bab02c",
"ResolvConfPath": "/var/lib/docker/containers/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9/hostname",
"HostsPath": "/var/lib/docker/containers/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9/hosts",
"LogPath": "/var/lib/docker/containers/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9-json.log",
"Name": "/jovial_moser",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [0, 0],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"DiskQuota": 0,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": ["/proc/asound", "/proc/acpi", "/proc/kcore", "/proc/keys", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", "/proc/sched_debug", "/proc/scsi", "/sys/firmware"],
"ReadonlyPaths": ["/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys", "/proc/sysrq-trigger"]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/a5f16849169cb7c773f4d204089f8e53daf5b648864846ee1d1f076cef9f8a39-init/diff:/var/lib/docker/overlay2/edb63c15d70f0a29c60f3725ed952dd76439bef4da8915e66ffe6ed1ecf02107/diff",
"MergedDir": "/var/lib/docker/overlay2/a5f16849169cb7c773f4d204089f8e53daf5b648864846ee1d1f076cef9f8a39/merged",
"UpperDir": "/var/lib/docker/overlay2/a5f16849169cb7c773f4d204089f8e53daf5b648864846ee1d1f076cef9f8a39/diff",
"WorkDir": "/var/lib/docker/overlay2/a5f16849169cb7c773f4d204089f8e53daf5b648864846ee1d1f076cef9f8a39/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "3409974f45be",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],
"Cmd": ["sh"],
"Image": "alpine",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "7f41a5043e99bb110e215ac8e13a8a2c37838b25c6a9fa985584ff458c1e52cc",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/7f41a5043e99",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "7aa9f269772edff8a9b7f895d51d6dd472a5820ff56a643134465ab8bff1914e",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "55987078c24843c830172de5c352b00c96cb3f177a349437dd7bee9bd1814e86",
"EndpointID": "7aa9f269772edff8a9b7f895d51d6dd472a5820ff56a643134465ab8bff1914e",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
So in-short you need to know ip for your machine and the port on which docker daemon is listening to retrieve any sort of information from within the container.
Hope this helps, let me know.
Mount the docker socket to your container:
myservice:
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
Then use a lib or directly query the docker api:
curl --unix-socket /var/run/docker.sock http://localhost/containers/json
This will return an array of all the running containers which includes the field:
{ Names: ['/proj_myservice_1', '/proj_myservice_2'] }
If you've scaled your containers up and are looking to communicate with the sibling containers inside a container, docker automatically detects this if you make requests to: http://myservice{:port} from inside your container. Docker will auto-discover the container and route you to a random container.
I have a docker container running Debian jessie on Ubuntu yakkety.
When within the docker (connected via ssh for instance) I am isolated from the host (which is expected). I however realized that dmesg shows me the messages for the host and not for the container. How can it have access to information of its host?
The configuration of the docker container is not special (except that it uses a specific bridge, different from docker0), in particular it does not run in any privileged mode ("Privileged": false below):
root#srv ~# docker inspect minecraft-1-8
[
{
"Id": "748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e",
"Created": "2016-12-01T15:35:05.287672787Z",
"Path": "/usr/bin/supervisord",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 28650,
"ExitCode": 0,
"Error": "",
"StartedAt": "2016-12-15T18:37:08.409564695Z",
"FinishedAt": "2016-12-15T18:37:07.457274028Z"
},
"Image": "sha256:78a2f88d47e29523503c2196ed2faaa3d1039d948d73987edc03b2abd338595d",
"ResolvConfPath": "/var/lib/docker/containers/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e/hostname",
"HostsPath": "/var/lib/docker/containers/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e/hosts",
"LogPath": "/var/lib/docker/containers/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e-json.log",
"Name": "/minecraft-1-8",
"RestartCount": 0,
"Driver": "overlay",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "docker",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Name": "overlay",
"Data": {
"LowerDir": "/var/lib/docker/overlay/e78ce9dbcedd6974429a4aada8f38913b7d35da41f586f203dd99a568f38b6c3/root",
"MergedDir": "/var/lib/docker/overlay/e8422e4707d95db8ea747af2367626cc8bf16e95f8eb05dfad9a63461c9ade86/merged",
"UpperDir": "/var/lib/docker/overlay/e8422e4707d95db8ea747af2367626cc8bf16e95f8eb05dfad9a63461c9ade86/upper",
"WorkDir": "/var/lib/docker/overlay/e8422e4707d95db8ea747af2367626cc8bf16e95f8eb05dfad9a63461c9ade86/work"
}
},
"Mounts": [],
"Config": {
"Hostname": "minecraft-1-8",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/usr/bin/supervisord"
],
"Image": "minecraft",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "cf411634babad31138ab4572b9cd7306f74a54dd1baf4cd8d7706d7e7020c594",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/cf411634baba",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"docker": {
"IPAMConfig": {
"IPv4Address": "10.200.0.100"
},
"Links": null,
"Aliases": [
"748cfdfbf3fb"
],
"NetworkID": "7b20560b36032d36ffe6c0ebece6b4408355d207f4e203a2957b0434ee0afdc1",
"EndpointID": "9fa4fc914dfe76022ce0db02e48a7e7c85c57bc2a15b0b3e5d81b1f24d95f376",
"Gateway": "10.200.0.1",
"IPAddress": "10.200.0.100",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:0a:c8:00:64"
}
}
}
}
]
In most distro's dmesg is not a privileged command. Any user can use the klogctl interface to read the kernel ring buffer.
$ id
uid=1001(matt) gid=1001(matt) groups=1001(matt)
$ dmesg | head -1
[ 0.000000] Initializing cgroup subsys cpuset
But can't do anything beyond read
$ dmesg -C
dmesg: klogctl failed: Operation not permitted
Which extends to Docker
$ sudo docker run debian dmesg | head -1
[ 0.000000] Initializing cgroup subsys cpuset
$ sudo docker run debian dmesg -C
dmesg: klogctl failed: Operation not permitted
Restricting access
You can restrict read access down to root users and those with the CAP_SYSLOG or CAP_SYS_ADMIN capabilities via /proc/sys/kernel/dmesg_restrict.
$ echo 1 > /proc/sys/kernel/dmesg_restrict
Then you should be getting a permission denied message:
$ docker run ubuntu:yakkety dmesg
dmesg: read kernel buffer failed: Operation not permitted
Running a container in privileged mode will then regain access to the hosts kernel ring buffer
$ docker run --privileged ubuntu:yakkety dmesg
[146902.131915] br-fa26f1dc96a1: port 3(veth80d3d5d) entered disabled state
...
Use sysctl to configure kernel.dmesg_restrict=1 if you need it permanently.
Namespacing
As to why the kernel log doesn't have name spacing like other kernel areas, I think the answer is "it's difficult". There's more detail than you'd care to know in this 2012 Stepping closer to practical containers: "syslog" namespaces LWN post. I can't see any reference's to it getting any further than proposed patches: https://lwn.net/Articles/562389/ https://lwn.net/Articles/561271/. As you can see in this recent netfilter patch, they have a work around to allow rules in a container name space to use the global log.