I am currently having an app with 3 different databases (it's for a test). I have the following docker image:
Dockerfile
FROM golang:1.15
WORKDIR /myapp
# Download wait for it tool.
ADD https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh /wait-for-it
RUN chmod +x /wait-for-it
and the following docker-compose.yml
version: '3.7'
services:
app:
build:
context: .
dockerfile: Dockerfile.dev
volumes:
- .:/app
command: sh -c "/wait-for-it postgres:10001 -- /wait-for-it oracle:10000 -- /wait-for-it mongodb:10002"
depends_on:
- oracle
- mongodb
- postgres
ports:
- "8080:8080"
oracle:
image: chameleon82/oracle-xe-10g:latest
ports:
- "10000:8080"
expose:
- 10000
postgres:
image: postgres:9.6-alpine
ports:
- "10001:5432"
environment:
- POSTGRES_HOST_AUTH_METHOD=trust
- POSTGRES_DB=testdb
expose:
- 10001
mongodb:
image: mongo:latest
ports:
- "10002:27017"
expose:
- 10002
The thing is, as you saw, my app listens on 8080, but so Oracle does. I know I can change my app port, but still, I would like to switch Oracle to another port. I am trying to achieve it from port mapping, but I do feel that it only works for the host machine, not for a use from within the docker-compose, am I wrong?
Think of services within a Docker Compose network (i.e. app, oracle) as distinct hosts. Each is addressable by its service name, i.e. app should refer to the oracle service by this name (oracle).
The port mapping allows you to expose (and map) service ports within a Docker Compose network to (possibly different) host ports. This is commonly because, the host has a singular dimension of port spaces (0...65535) whereas each service within the Docker Compose network has a port space. 2 services (e.g. http1 and http2) may each use port e.g. 8080 but there's only one 8080 on the host and so, to expose each of these services on your host, one would have to yield; one could also be on the host's 8080 but the other would need to be elsewhere, perhaps 8081.
In your case, e.g. oracle runs on 8080 within the Docker Compose network and is exposed on the host's port 10000. As far as the app service is concerned, this service is available as oracle:8080 (8080 not 10000) within the Docker Compose network.
The expose syntax is purely documentary and has no functional effect.
Responding to comments
If I run your Compose script as-is, it does not work. This is expected because e.g. postgres is available on 5432 within the Compose network not on 10001
docker-compose logs app
Attaching to 63690852_app_1
app_1 | wait-for-it: waiting 15 seconds for postgres:10001
app_1 | wait-for-it: timeout occurred after waiting 15 seconds for postgres:10001
app_1 | wait-for-it: waiting 15 seconds for oracle:10000
app_1 | wait-for-it: timeout occurred after waiting 15 seconds for oracle:10000
app_1 | wait-for-it: waiting 15 seconds for mongodb:10002
app_1 | wait-for-it: timeout occurred after waiting 15 seconds for mongodb:10002
If I correct the ports:
command: sh -c "/wait-for-it postgres:5432 -- /wait-for-it oracle:8080 -- /wait-for-it mongodb:27017"
It works as expected:
docker-compose logs app
Attaching to 63690852_app_1
app_1 | wait-for-it: waiting 15 seconds for postgres:5432
app_1 | wait-for-it: postgres:5432 is available after 0 seconds
app_1 | wait-for-it: waiting 15 seconds for oracle:8080
app_1 | wait-for-it: oracle:8080 is available after 8 seconds
app_1 | wait-for-it: waiting 15 seconds for mongodb:27017
app_1 | wait-for-it: mongodb:27017 is available after 0 seconds
I create 3 virtual machine use docker-machine,there are:
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
cluster - virtualbox Running tcp://192.168.99.101:2376 v18.09.5
cluster2 - virtualbox Running tcp://192.168.99.102:2376 v18.09.5
master - virtualbox Running tcp://192.168.99.100:2376 v18.09.5
and then I create a docker swarm in master machine:
docker-machine ssh master "docker swarm init ----advertise-addr 192.168.99.100"
and in cluster and cluster2 join master:
docker-machine ssh cluster "docker swarm join --advertise-addr 192.168.99.101 --token xxxx 192.168.99.100:2377"
docker-machine ssh cluster2 "docker swarm join --advertise-addr 192.168.99.102 --token xxxx 192.168.99.100:2377"
the docker node ls info:
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
r4a6y9wie4zp3pl4wi4e6wqp8 cluster Ready Active 18.09.5
sg9gq6s3k6vty7qap7co6eppn cluster2 Ready Active 18.09.5
xb6telu8cn3bfmume1kcektkt * master Ready Active Leader 18.09.5
there is deploy config swarm.yml:
version: "3.3"
services:
elasticsearch:
image: elasticsearch:7.0.0
ports:
- "9200:9200"
- "9300:9300"
environment:
- cluster.name=elk
- network.host=_eth1:ipv4_
- network.bind_host=_eth1:ipv4_
- network.publish_host=_eth1:ipv4_
- discovery.seed_hosts=192.168.99.100,192.168.99.101
- cluster.initial_master_nodes=192.168.99.100,192.168.99.101
- bootstrap.memory_lock=false
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
networks:
- backend
deploy:
mode: replicated
replicas: 3
#endpoint_mode: dnsrr
restart_policy:
condition: none
resources:
limits:
cpus: "1.0"
memory: "1024M"
reservations:
memory: 20M
networks:
backend:
# driver: overlay
# attachable: true
i pull elasticsearch image to virtual machie:
docker-machine ssh master "docker image pull elasticsearch:7.0.0"
docker-machine ssh cluster "docker image pull elasticsearch:7.0.0"
docker-machine ssh cluster2 "docker image pull elasticsearch:7.0.0"
before run i run this command fix some elasticearch bootstrap error:
docker-machine ssh master "sudo sysctl -w vm.max_map_count=262144"
docker-machine ssh cluster "sudo sysctl -w vm.max_map_count=262144"
docker-machine ssh cluster2 "sudo sysctl -w vm.max_map_count=262144"
and then i run `docker stack deploy -c swarm.yml es, the elasticsearch cluster cannot work.
docker-machine ssh master
docker service logs es_elasticsearch -f
show:
es_elasticsearch.1.uh1x0s9qr7mb#cluster | {"type": "server", "timestamp": "2019-04-25T16:28:47,143+0000", "level": "WARN", "component": "o.e.c.c.ClusterFormationFailureHelper", "cluster.name": "elk", "node.name": "e8dba5562417", "message": "master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [192.168.99.100, 192.168.99.101] to bootstrap a cluster: have discovered []; discovery will continue using [192.168.99.100:9300, 192.168.99.101:9300] from hosts providers and [{e8dba5562417}{Jy3t0AAkSW-jY-IygOCjOQ}{z7MYIf5wTfOhCX1r25wNPg}{10.255.0.46}{10.255.0.46:9300}{ml.machine_memory=1037410304, xpack.installed=true, ml.max_open_jobs=20}] from last-known cluster state; node term 0, last-accepted version 0 in term 0" }
es_elasticsearch.2.swswlwmle9e9#cluster2 | {"type": "server", "timestamp": "2019-04-25T16:28:47,389+0000", "level": "WARN", "component": "o.e.c.c.ClusterFormationFailureHelper", "cluster.name": "elk", "node.name": "af5d88a04b42", "message": "master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [192.168.99.100, 192.168.99.101] to bootstrap a cluster: have discovered []; discovery will continue using [192.168.99.100:9300, 192.168.99.101:9300] from hosts providers and [{af5d88a04b42}{zhxMeNMAQN2evKDlsA33qA}{fpYPTvJ6STmyqrgxlMkD_w}{10.255.0.47}{10.255.0.47:9300}{ml.machine_memory=1037410304, xpack.installed=true, ml.max_open_jobs=20}] from last-known cluster state; node term 0, last-accepted version 0 in term 0" }
es_elasticsearch.3.x8ouukovhh80#master | {"type": "server", "timestamp": "2019-04-25T16:28:48,818+0000", "level": "WARN", "component": "o.e.c.c.ClusterFormationFailureHelper", "cluster.name": "elk", "node.name": "0e7e4d96b31a", "message": "master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [192.168.99.100, 192.168.99.101] to bootstrap a cluster: have discovered []; discovery will continue using [192.168.99.100:9300, 192.168.99.101:9300] from hosts providers and [{0e7e4d96b31a}{Xs9966RjTEWvEbuj4-ySYA}{-eV4lvavSHq6JhoW0qWu6A}{10.255.0.48}{10.255.0.48:9300}{ml.machine_memory=1037410304, xpack.installed=true, ml.max_open_jobs=20}] from last-known cluster state; node term 0, last-accepted version 0 in term 0" }
I guess the cluster formation failed may be due to network configuration error. I don't know how to fix it, I try many times modify the config, fail and fail again.
try, this is working :) docker-compose.yml
version: "3.7"
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.2.0
hostname: "{{.Node.Hostname}}"
environment:
- node.name={{.Node.Hostname}}
- cluster.name=my-cluster
- "ES_JAVA_OPTS=-Xms2g -Xmx2g"
- discovery.seed_hosts=elasticsearch
- cluster.initial_master_nodes=node1,node2,node3
- node.ml=false
- xpack.ml.enabled=false
- xpack.monitoring.enabled=false
- xpack.security.enabled=false
- xpack.watcher.enabled=false
- bootstrap.memory_lock=false
volumes:
- elasticsearch-data:/usr/share/elasticsearch/data
deploy:
mode: global
endpoint_mode: dnsrr
resources:
limits:
memory: 4G
nginx:
image: nginx:1.17.1-alpine
ports:
- 9200:9200
deploy:
mode: global
command: |
/bin/sh -c "echo '
user nobody nogroup;
worker_processes auto;
events {
worker_connections 1024;
}
http {
client_max_body_size 4g;
resolver 127.0.0.11 ipv6=off;
server {
listen *:9200;
location / {
proxy_set_header Connection keep-alive;
set $$url http://elasticsearch:9200;
proxy_pass $$url;
proxy_set_header Host $$http_host;
proxy_set_header X-Real-IP $$remote_addr;
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
}
}
}' | tee /etc/nginx/nginx.conf && nginx -t && nginx -g 'daemon off;'"
volumes:
elasticsearch-data:
Trying to manually specify all the specific IP's and bindings is tricky because of the swarm overlaying network.
Instead, simply make your ES nodes discoverable and let Swarm take care of the node discovery and communication. To make them discoverable, we can use a predictable name like the Swarm node hostname.
Try change your environment settings in the swarm.yml file as follows:
environment:
- network.host=0.0.0.0
- discovery.seed_hosts=elasticsearch #Service name, to let Swarm handle discovery
- cluster.initial_master_nodes=master,cluster,cluster2 #Swarm nodes host names
- node.name={{.Node.Hostname}} #To create a predictable node name
This of course assumes that we already known the swarm hostnames, which you pointed out in the screenshot above. Without knowing these values, we would have no way of having a predictable set of node names to look for. In that case, you could create 1 ES node entry with a particular node name, and then another entry which references the first entry's node name as the cluster.initial_master_nodes.
Use dnsrr mode without ports. Expose elasticsearch with nginx ;)
See my docker-compose.yml
In my experience https://github.com/shazChaudhry/docker-elastic works perfectly, and just one file from the entire repo is enough. I downloaded https://github.com/shazChaudhry/docker-elastic/blob/master/docker-compose.yml and removed the logstash bits, I didn't need that. Then added the following to .bashrc
export ELASTICSEARCH_HOST=$(hostname)
export ELASTICSEARCH_PASSWORD=foobar
export ELASTICSEARCH_USERNAME=elastic
export ELASTIC_VERSION=7.4.2
export INITIAL_MASTER_NODES=$ELASTICSEARCH_HOST
And docker stack deploy --compose-file docker-compose.yml elastic works.
Ideas I gleaned from Ahmet Vehbi Olgaç 's docker-compose.yml, which worked for me:
Use deployment / mode: global. This will cause the swarm to deploy one replica to each swarm worker, for each node that is configured like this.
Use deployment / endpoint_mode: dnsrr. This will let all containers in the swarm access the nodes by the service name.
Use hostname: {{.Node.Hostname}} or a similar template-based expression. This ensures a unique name for each deployed container.
Use environment / node.name={{.Node.Hostname}}. Again, you can vary the pattern. The point is that each es node should get a unique name.
Use cluster.initial_master_nodes=*hostname1*,*hostname2*,.... Assuming you know the hostnames of your docker worker machines. Use whatever pattern you used in #3, but substitute out the whole hostname, and include all the hostnames.
If you don't know your hostnames, you can do what Andrew Cachia's answer suggests: set up one container (do not replicate it) to act solely as the master seed and give it a predictable hostname, then have all other nodes refer to that node as the master seed. However, this introduces a single point of failure.
Elasticsearch 8.5.0 answer.
For my needs, I didn't want to add a reverse-proxy/load balancer, but I do want to expose port 9200 on the swarm nodes where Elasticsearch replicas are running (using just swarm), so that external clients can access the Elasticsearch REST API. So I used endpoint mode dnsrr (ref) and exposed port 9200 on the hosts where the replicas run.
If you don't need to expose port 9200 (i.e., nothing will connect to the elasticsearch replicas outside of swarm), remove the ports: config from the elasticsearch service.
I also only want elasticsearch replicas to run on a subset of my swarm nodes (3 of them). I created docker node label elasticsearch on those three nodes. Then mode: global and constraint node.labels.elasticsearch==True will ensure 1 replica runs on each of those nodes.
I run kibana on one of those 3 nodes too: swarm can pick which one, since port 5601 is exposed on swarm's ingress overlay network.
Lines you'll likely need to edit are maked with ######.
# docker network create -d overlay --attachable elastic-net
# cat elastic-stack-env
#!/bin/bash
export STACK_VERSION=8.5.0 # Elasticsearch and Kibana version
export ES_PORT=9200 # port to expose Elasticsearch HTTP API to the host
export KIBANA_PORT=5601 # port to expose Kibana to the host
read -p "Enter elastic user password: " ELASTIC_PASSWORD
read -p "Enter kibana_system user password: " KIBANA_PASSWORD
export KIBANA_URL=https://kibana.my-domain.com:$KIBANA_PORT #######
export SHARED_DIR=/some/nfs/or/shared/storage/elastic #######
export KIBANA_SSL_KEY_PATH=config/certs/kibana.key
export KIBANA_SSL_CERT_PATH=config/certs/kibana.crt
export ELASTIC_NODES=swarm_node1,swarm_node2,swarm_node3 #######
# ELASTIC_NODES must match what docker reports from {{.Node.Hostname}}
export KIBANA_SSL_CERT_AUTH_PATH=config/certs/My_Root_CA.crt #######
export CLUSTER_NAME=docker-cluster
export MEM_LIMIT=4294967296 # 4 GB; increase or decrease based on the available host memory (in bytes)
# cat elastic-stack.yml
version: "3.8"
services:
elasticsearch:
image: localhost:5000/elasticsearch:${STACK_VERSION:?} ####### I have a local registry
deploy:
endpoint_mode: dnsrr
mode: global # but note constraints below
placement:
constraints:
- node.labels.elasticsearch==True
resources:
limits:
memory:
${MEM_LIMIT}
dns: 127.0.0.11 # use docker DNS only (may not be required)
networks:
- elastic-net
volumes:
- ${SHARED_DIR:?}/certs:/usr/share/elasticsearch/config/certs
- /path/to/some/local/storage/elasticsearch:/usr/share/elasticsearch/data
ports: ##### remove if nothing outside of swarm needs to access port 9200
- target: 9200
published: ${ES_PORT} # we publish this port so that external clients can access the ES REST API
protocol: tcp
mode: host # required when using dnsrr
environment: # https://www.elastic.co/guide/en/elasticsearch/reference/master/settings.html
# https://www.elastic.co/guide/en/elasticsearch/reference/master/docker.html#docker-configuration-methods
- node.name={{.Node.Hostname}} # see Andrew Cachia's answer
- cluster.name=${CLUSTER_NAME}
- discovery.seed_hosts=elasticsearch # use service name here, since (docker's) DNS is used:
# https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#unicast.hosts
- cluster.initial_master_nodes=${ELASTIC_NODES} # use node.names here
# https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#initial_master_nodes
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/elasticsearch/elasticsearch.key
- xpack.security.http.ssl.certificate=certs/elasticsearch/elasticsearch.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.http.ssl.verification_mode=certificate
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/elasticsearch/elasticsearch.key
- xpack.security.transport.ssl.certificate=certs/elasticsearch/elasticsearch.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=basic
healthcheck:
test:
[ "CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
logging: # we use rsyslog
driver: syslog
options:
syslog-facility: "local2"
kibana:
# this service depends on the setup service (defined below), but docker stack has no
# way to specify dependencies, but more importantly, there's been a move away from this:
# https://stackoverflow.com/a/47714157/215945
image: localhost:5000/kibana:${STACK_VERSION:?} ######
hostname: kibana
deploy:
placement:
constraints:
- node.labels.elasticsearch==True # run KB on any one of the ES nodes
resources:
limits:
memory:
${MEM_LIMIT}
dns: 127.0.0.11 # use docker DNS only (may not be required)
networks:
- elastic-net
volumes:
- ${SHARED_DIR:?}/kibana:/usr/share/kibana/data
- ${SHARED_DIR:?}/certs:/usr/share/kibana/config/certs
ports:
- ${KIBANA_PORT}:5601
environment: # https://www.elastic.co/guide/en/kibana/master/settings.html
# https://www.elastic.co/guide/en/kibana/master/docker.html#environment-variable-config
# CAPS_WITH_UNDERSCORES must be used with Kibana
- SERVER_NAME=kibana
- ELASTICSEARCH_HOSTS=["https://elasticsearch:9200"]
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
- SERVER_PUBLICBASEURL=${KIBANA_URL}
# if you don't want to use https/TLS with Kibana, comment-out
# the next four lines
- SERVER_SSL_ENABLED=true
- SERVER_SSL_KEY=${KIBANA_SSL_KEY_PATH}
- SERVER_SSL_CERTIFICATE=${KIBANA_SSL_CERT_PATH}
- SERVER_SSL_CERTIFICATEAUTHORITIES=${KIBANA_SSL_CERT_AUTH_PATH}
- TELEMETRY_OPTIN=false
healthcheck:
test:
[
"CMD-SHELL",
"curl -sIk https://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
logging:
driver: syslog
options:
syslog-facility: "local2"
setup:
image: localhost:5000/elasticsearch:${STACK_VERSION:?} #######
deploy:
placement:
constraints:
- node.labels.elasticsearch==True
restart_policy: # https://docs.docker.com/compose/compose-file/compose-file-v3/#restart_policy
condition: none
volumes:
- ${SHARED_DIR:?}/certs:/usr/share/elasticsearch/config/certs
dns: 127.0.0.11 # use docker DNS only (may not be required)
networks:
- elastic-net
command: >
bash -c '
until curl -s --cacert config/certs/ca/ca.crt https://elasticsearch:9200 | grep -q "missing authentication credentials"
do
echo "waiting 30 secs for Elasticsearch availability..."
sleep 30
done
echo "setting kibana_system password"
until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" https://elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"
do
echo "waiting 10 secs before trying to set password again..."
sleep 10
done
echo "done"
'
logging:
driver: syslog
options:
syslog-facility: "local2"
networks:
elastic-net:
external: true
Deploy:
# . ./elastic-stack-env
# docker stack deploy -c elastic-stack.yml elastic
# # ... after Kibana comes up, you can remove the setup service if you want:
# docker service rm elastic_setup
Here's how I created the Elasticsearch CA and cert:
# cat elastic-certs.yml
version: "3.8"
services:
setup:
image: localhost:5000/elasticsearch:${STACK_VERSION:?} #######
volumes:
- ${SHARED_DIR:?}/certs:/usr/share/elasticsearch/config/certs
user: "0:0"
command: >
bash -c '
if [ ! -f certs/ca.zip ]; then
echo "Creating CA";
bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
unzip config/certs/ca.zip -d config/certs;
fi;
if [ ! -f certs/certs.zip ]; then
echo "Creating certs";
echo -ne \
"instances:\n"\
" - name: elasticsearch\n"\
" dns:\n"\
" - elasticsearch\n"\
" - localhost\n"\
" ip:\n"\
" - 127.0.0.1\n"\
> config/certs/instances.yml;
bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
unzip config/certs/certs.zip -d config/certs;
echo "Setting file permissions"
chown -R root:root config/certs;
find . -type d -exec chmod 750 \{\} \;;
find . -type f -exec chmod 640 \{\} \;;
fi;
sleep infinity
'
healthcheck:
test: ["CMD-SHELL", "[ -f config/certs/elasticsearch/elasticsearch.crt ]"]
interval: 1s
timeout: 5s
retries: 120
# . ./elastic-stack-env
# docker stack deploy -c elastic-certs.yml elastic-certs
# # ... ensure files are created under $SHARED_DIR/certs, then
# docker stack rm elastic-certs
How I created the Kibana cert is outside the scope of this question.
I run a Fluent Bit swarm service (mode: global, docker network elastic-net) to send logs to the elasticsearch service. Although outside the scope of this question, here's the salient config:
[OUTPUT]
name es
match <whatever is appropriate for you here>
host elasticsearch
port 9200
index my-index-default
http_user fluentbit
http_passwd ${FLUENTBIT_PASSWORD}
tls on
tls.ca_file /certs/ca/ca.crt
tls.crt_file /certs/elasticsearch/elasticsearch.crt
tls.key_file /certs/elasticsearch/elasticsearch.key
retry_limit false
suppress_type_name on
# trace_output on
Host elasticsearch will be resolved by docker's DNS server to the three IP addresses of the elasticsearch replicas, so there is no single point of failure.
I have a docker image (lfs-service:latest) that I'm trying to run as part of a suite of micro services.
RHELS 7.5
Docker version: 1.13.1
docker-compose version 1.23.2
Postgres 11 (installed on RedHat host machine)
The following command works exactly as I would like:
docker run -d \
-p 9000:9000 \
-v "$PWD/lfs-uploads:/lfs-uploads" \
-e "SPRING_PROFILES_ACTIVE=dev" \
-e dbhost=$HOSTNAME \
--name lfs-service \
[corp registry]/lfs-service:latest
This successfully:
creates/starts a container with my Spring Boot Docker image on port
9000
writes the uploads to disk into the lfs-uploads directory
and connects to a local Postgres DB that's running on the host
machine (not in a Docker container).
My service works as expected. Great!
Now, my problem:
I'm tring to run/manage my services using Docker Compose with the following content (I have removed all other services and my api gateway from docker-compose.yaml to simplify the scenario):
version: '3'
services:
lfs-service:
image: [corp registry]/lfs-service:latest
container_name: lfs-service
stop_signal: SIGINT
ports:
- 9000:9000
expose:
- 9000
volumes:
- "./lfs-uploads:/lfs-uploads"
environment:
- SPRING_PROFILES_ACTIVE=dev
- dbhost=$HOSTNAME
Relevant entries in application.yaml:
spring:
profiles: dev
datasource:
url: jdbc:postgresql://${dbhost}:5432/lfsdb
username: [dbusername]
password: [dbpassword]
jpa:
properties:
hibernate:
dialect: org.hibernate.dialect.PostgreSQLDialect
hibernate:
ddl-auto: update
Execution:
docker-compose up
...
The following profiles are active: dev
...
Tomcat initialized with port(s): 9000 (http)
...
lfs-service | Caused by: java.net.UnknownHostException: [host machine hostname]
lfs-service | at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184) ~[na:1.8.0_181]
lfs-service | at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[na:1.8.0_181]
lfs-service | at java.net.Socket.connect(Socket.java:589) ~[na:1.8.0_181]
lfs-service | at org.postgresql.core.PGStream.<init>(PGStream.java:70) ~[postgresql-42.2.5.jar!/:42.2.5]
lfs-service | at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:91) ~[postgresql-42.2.5.jar!/:42.2.5]
lfs-service | at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192) ~[postgresql-42.2.5.jar!/:42.2.5]
...
lfs-service | 2019-01-11 18:46:54.495 WARN [lfs-service,,,] 1 --- [ main] o.s.b.a.orm.jpa.DatabaseLookup : Unable to determine jdbc url from datasource
lfs-service |
lfs-service | org.springframework.jdbc.support.MetaDataAccessException: Could not get Connection for extracting meta-data; nested exception is org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection; nested exception is org.postgresql.util.PSQLException: The connection attempt failed.
lfs-service | at org.springframework.jdbc.support.JdbcUtils.extractDatabaseMetaData(JdbcUtils.java:328) ~[spring-jdbc-5.1.2.RELEASE.jar!/:5.1.2.RELEASE]
lfs-service | at org.springframework.jdbc.support.JdbcUtils.extractDatabaseMetaData(JdbcUtils.java:356) ~[spring-jdbc-5.1.2.RELEASE.jar!/:5.1.2.RELEASE]
...
Both methods of starting should be equivalent but obviously there's a functional difference... Any ideas on how to resolve this issue / write a comperable docker-compose file which is functionally identical to the "docker run" command at the top?
NOTE: I've also tried the following values for dbhost: localhost, 127.0.0.1 - this won't work as it attempts to find the DB in the container, and not on the host machine.
CORRECTION:
Unfortunately, while this solution works in the simplest use case - it will break Eureka & API Gateways from functioning, as the container will be running on a separate network. I'm still looking for working solution.
To anyone looking for a solution to this question, this worked for me:
docker-compose.yaml:
lfs-service:
image: [corp repo]/lfs-service:latest
container_name: lfs-service
stop_signal: SIGINT
ports:
- 9000:9000
expose:
- 9000
volumes:
- "./lfs-uploads:/lfs-uploads"
environment:
- SPRING_PROFILES_ACTIVE=dev
- dbhost=localhost
network_mode: host
Summary of changes made to docker-compose.yaml:
change $HOSTNAME to "localhost"
Add "network_mode: host"
I have no idea if this is the "correct" way to resolve this, but since it's only for our remote development server the solution is working for me. I'm open to suggestions if you have a better solution.
Working solution
The simple solution is to just provide the host machine IP address (vs hostname).
environment:
- SPRING_PROFILES_ACTIVE=dev
- dbhost=172.18.0.1
Setting this via an environment variable would probably be more portable:
export DB_HOST_IP=172.18.0.1
docker-compose.yaml
environment:
- SPRING_PROFILES_ACTIVE=dev
- dbhost=${DB_HOST_IP}
I use docker and docker-compose to deploy and run my java application running on port 5555.
I run it as docker-compose -f docker-compose.yml up -d
But if I run telnet command outside of my server where docker container is runnig I get Connection refused message. If run it inside the server everything is fine.
So these things are checked:
$: docker-compose ps
$: ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
5555/tcp ALLOW Anywhere
5432 ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
5555/tcp (v6) ALLOW Anywhere (v6)
5432 (v6) ALLOW Anywhere (v6)
docker-compose.yml
version: '3'
services:
db:
container_name: db
image: postgres
restart: always
ports:
- 5432:5432
auth:
container_name: auth
image: registryimg
restart: always
stdin_open: true
tty: true
ports:
- 5555:5555
Dockerfile
FROM openjdk:8-jre
ADD target/auth.jar app.jar
EXPOSE 5555
ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "app.jar"]
Update 1
From the docker logs of my container I found that application binds correctly to desired port:
2019-01-18 10:18:11.481 DEBUG 1 --- [ntLoopGroup-2-1] io.netty.handler.logging.LoggingHandler : [id: 0xaf27337e] REGISTERED
2019-01-18 10:18:11.485 DEBUG 1 --- [ntLoopGroup-2-1] io.netty.handler.logging.LoggingHandler : [id: 0xaf27337e] BIND: localhost/127.0.0.1:5555
2019-01-18 10:18:11.489 DEBUG 1 --- [ntLoopGroup-2-1] io.netty.handler.logging.LoggingHandler : [id: 0xaf27337e, L:/127.0.0.1:5555] ACTIVE
Update 2
From my home computer I run telnet command telnet myhost 5555 and I get an error:
Trying myhost...
telnet: Unable to connect to remote host: Connection refused
After it's done I watch my container logs and they are empty (netty didn't register any connections).
Else I want to point that if I telnet another container with potgresql inside it - everything is ok.
Well, shot answer is think what host you are binding.
In my case netty server was bound like this:
BIND: localhost/127.0.0.1:5555
I've change it to:
BIND: 0.0.0.0/0.0.0.0:5555
And it works like a charm!
In my Kubuntu 18.04 I try to run docker for my Laravel application
$ docker --version
Docker version 17.12.1-ce, build 7390fc6
I have 3 files:
.env:
# PATHS
DB_PATH_HOST=./databases
APP_PATH_HOST=./votes
APP_PTH_CONTAINER=/var/www/html/
docker-compose.yml:
version: '3'
services:
web:
build: ./web/Dockerfile.yml
environment:
- APACHE_RUN_USER=www-data
volumes:
- ${DB_PATH_HOST}:${APP_PTH_CONTAINER}
ports:
- 8080:80
working_dir: ${APP_PTH_CONTAINER}
db:
image: mysql
command: --default-authentication-plugin=mysql_native_password
restart: always
environment:
MYSQL_ROOT_PASSWORD: 1
volumes:
- ${DB_PATH_HOST}:/var/lib/mysql
adminer:
image: adminer
restart: always
ports:
- 8080:8080
composer:
image: composer:1.6
volumes:
- ${DB_PATH_HOST}:${APP_PTH_CONTAINER}
working_dir: ${APP_PTH_CONTAINER}
command: composer install
/web/Dockerfile.yml:
FROM php:7.2-apache
RUN docker-php-ext-install \
pdo_mysql \
&& a2enmod \
rewrite
When I try to use docker-compose up --build, I get the following:
serge#serge:/mnt/_work_sdb8/wwwroot/lar/DockerApps/votes_docker$ docker-compose up --build
Building web
Traceback (most recent call last):
File "bin/docker-compose", line 6, in <module>
File "compose/cli/main.py", line 71, in main
File "compose/cli/main.py", line 127, in perform_command
File "compose/cli/main.py", line 1052, in up
File "compose/cli/main.py", line 1048, in up
File "compose/project.py", line 466, in up
File "compose/service.py", line 329, in ensure_image_exists
File "compose/service.py", line 1047, in build
File "site-packages/docker/api/build.py", line 142, in build
TypeError: You must specify a directory to build in path
[6769] Failed to execute script docker-compose
I know that *.py that is python language files, but I do not use python language or work with it, I work with PHP.
Why is an error and how to fix it?
MODIFIED:
$ docker-compose up --build
Building webapp
Step 1/2 : FROM php:7.2-apache
---> a7d68dad7584
Step 2/2 : RUN docker-php-ext-install pdo_mysql && a2enmod rewrite
---> Using cache
---> 519d1b33af81
Successfully built 519d1b33af81
Successfully tagged votes_docker_webapp:latest
Starting votes_docker_adminer_1 ...
Starting votes_docker_composer_1 ...
Starting votes_docker_adminer_1 ... error
votes_docker_db_1 is up-to-date
ERROR: for votes_docker_adminer_1 Cannot start service adminer: driver failed programming external connectivity on endpoint votes_docker_adminer_1 (6e94693ab8b1a990aaa83164df0952e8665f351618a72aStarting votes_docker_composer_1 ... done
ERROR: for adminer Cannot start service adminer: driver failed programming external connectivity on endpoint votes_docker_adminer_1 (6e94693ab8b1a990aaa83164df0952e8665f351618a72a5531f9c3ccc18a2e3d): Bind for 0.0.0.0:8080 failed: port is already allocated
ERROR: Encountered errors while bringing up the project.
I tried to check related ports and got:
# sudo netstat -ntpl | grep 8080:8080
# sudo netstat -ntpl | grep 0.0.0.0:8080
# sudo netstat -ntpl | grep 8080
tcp6 0 0 :::8080 :::* LISTEN 7361/docker-proxy
MODIFIED #2:
serge#serge:/mnt/_work_sdb8/wwwroot/lar/DockerApps/votes_docker$ docker-compose up --build
Creating network "votes_docker_default" with the default driver
Building webapp
Step 1/2 : FROM php:7.2-apache
---> a7d68dad7584
Step 2/2 : RUN docker-php-ext-install pdo_mysql && a2enmod rewrite
---> Using cache
---> 519d1b33af81
Successfully built 519d1b33af81
Successfully tagged votes_docker_webapp:latest
Creating votes_docker_adminer_1 ... done
Creating votes_docker_composer_1 ... done
Creating votes_docker_webapp_1 ... done
Creating votes_docker_db_1 ... done
Attaching to votes_docker_adminer_1, votes_docker_composer_1, votes_docker_webapp_1, votes_docker_db_1
adminer_1 | PHP 7.2.10 Development Server started at Mon Oct 15 10:14:02 2018
composer_1 | Composer could not find a composer.json file in /var/www/html
composer_1 | To initialize a project, please create a composer.json file as described in the https://getcomposer.org/ "Getting Started" section
votes_docker_composer_1 exited with code 1
webapp_1 | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.20.0.4. Set the 'ServerName' directive globally to suppress this message
webapp_1 | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.20.0.4. Set the 'ServerName' directive globally to suppress this message
webapp_1 | [Mon Oct 15 10:14:05.281793 2018] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.25 (Debian) PHP/7.2.10 configured -- resuming normal operations
webapp_1 | [Mon Oct 15 10:14:05.281843 2018] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
db_1 | 2018-10-15T10:14:06.541323Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
db_1 | 2018-10-15T10:14:06.541484Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.11) starting as process 1
db_1 | mbind: Operation not permitted
db_1 | mbind: Operation not permitted
db_1 | mbind: Operation not permitted
db_1 | mbind: Operation not permitted
db_1 | 2018-10-15T10:14:07.062202Z 0 [Warning] [MY-011071] [Server] World-writable config file './auto.cnf' is ignored.
db_1 | 2018-10-15T10:14:07.062581Z 0 [Warning] [MY-010107] [Server] World-writable config file './auto.cnf' has been removed.
db_1 | 2018-10-15T10:14:07.063146Z 0 [Warning] [MY-010075] [Server] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 0cd8212e-d063-11e8-8e69-0242ac140005.
db_1 | 2018-10-15T10:14:07.079020Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
db_1 | 2018-10-15T10:14:07.091951Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/run/mysqld' in the path is accessible to all OS users. Consider choosing a different directory.
db_1 | 2018-10-15T10:14:07.103829Z 0 [Warning] [MY-010315] [Server] 'user' entry 'mysql.infoschema#localhost' ignored in --skip-name-resolve mode.
db_1 | 2018-10-15T10:14:07.103896Z 0 [Warning] [MY-010315] [Server] 'user' entry 'mysql.session#localhost' ignored in --skip-name-resolve mode.
db_1 | 2018-10-15T10:14:07.103925Z 0 [Warning] [MY-010315] [Server] 'user' entry 'mysql.sys#localhost' ignored in --skip-name-resolve mode.
db_1 | 2018-10-15T10:14:07.103947Z 0 [Warning] [MY-010315] [Server] 'user' entry 'root#localhost' ignored in --skip-name-resolve mode.
db_1 | 2018-10-15T10:14:07.104006Z 0 [Warning] [MY-010323] [Server] 'db' entry 'performance_schema mysql.session#localhost' ignored in --skip-name-resolve mode.
db_1 | 2018-10-15T10:14:07.104034Z 0 [Warning] [MY-010323] [Server] 'db' entry 'sys mysql.sys#localhost' ignored in --skip-name-resolve mode.
db_1 | 2018-10-15T10:14:07.104070Z 0 [Warning] [MY-010311] [Server] 'proxies_priv' entry '# root#localhost' ignored in --skip-name-resolve mode.
db_1 | 2018-10-15T10:14:07.112700Z 0 [Warning] [MY-010330] [Server] 'tables_priv' entry 'user mysql.session#localhost' ignored in --skip-name-resolve mode.
db_1 | 2018-10-15T10:14:07.112738Z 0 [Warning] [MY-010330] [Server] 'tables_priv' entry 'sys_config mysql.sys#localhost' ignored in --skip-name-resolve mode.
db_1 | 2018-10-15T10:14:07.117764Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.11' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server - GPL.
Is it mysql misconfigure?
I run it not as root.
Also as I use LAMP do I need to stop apache and mysql before running docker-compose command?
MODIFIED #3:
After some searching I added mysql version in my config file and added command option:
image: mysql:5.7.23
command: --default-authentication-plugin=mysql_native_password --disable-partition-engine-check
and the above error was fixed.
So:
1. In other console under root I run commands (but I'm still not sure if I need it?)
sudo service apache2 stop
sudo service mysql stop
2. Under nonroot console I run with key to run in background:
docker-compose up -d
serge#serge:/mnt/_work_sdb8/wwwroot/lar/DockerApps/votes_docker$ docker-compose down
Stopping votes_docker_db_1 ... done
Stopping votes_docker_webapp_1 ... done
Stopping votes_docker_adminer_1 ... done
Removing votes_docker_db_1 ... done
Removing votes_docker_webapp_1 ... done
Removing votes_docker_composer_1 ... done
Removing votes_docker_adminer_1 ... done
Removing network votes_docker_default
docker-compose up -d
Creating network "votes_docker_default" with the default driver
Creating votes_docker_webapp_1 ... done
Creating votes_docker_adminer_1 ... done
Creating votes_docker_db_1 ... done
Creating votes_docker_composer_1 ... done
I have no errors in output, but I expected as a result to have vendor directory in my project, as I have in web/Dockerfile.yml:
FROM php:7.2-apache
RUN docker-php-ext-install \
pdo_mysql \
&& a2enmod \
rewrite
But I do not see this directory...
Was the installation successful or not?
I'm not sure where to move next?
serge#serge:/mnt/_work_sdb8/wwwroot/lar/DockerApps/votes_docker$ docker info
Containers: 33
Running: 2
Paused: 0
Stopped: 31
Images: 19
Server Version: 17.12.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9b55aab90508bd389d7654c4baf173a981477d55
runc version: 9f9c96235cc97674e935002fc3d78361b696a69e
init version: v0.13.0 (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-36-generic
Operating System: Ubuntu 18.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.711GiB
Name: serge
ID: BDNU:HFWX:N6YV:IWYW:HJSU:SZ23:URPB:3FR2:7I3E:IFGK:AOLH:YRE5
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
serge#serge:/mnt/_work_sdb8/wwwroot/lar/DockerApps/votes_docker$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
votes_docker_webapp latest 519d1b33af81 27 hours ago 378MB
adminer latest 0038b45402de 4 weeks ago 81.7MB
composer 1.6 e28b5b53ab28 4 weeks ago 154MB
php 7.2-apache a7d68dad7584 4 weeks ago 378MB
mysql 5.7.23 563a026a1511 5 weeks ago 372MB
mysql 5.7.22 6bb891430fb6 2 months ago 372MB
test2_php latest 05534d47f926 3 months ago 84.7MB
test1_php latest 05534d47f926 3 months ago 84.7MB
<none> <none> 6060fcf4d103 3 months ago 81MB
php fpm-alpine 601d5b3a95d4 3 months ago 80.6MB
php apache d9faf33e6e40 3 months ago 377MB
mysql latest 8d99edb9fd40 3 months ago 445MB
php 7-fpm 854ffd8dc9d8 3 months ago 367MB
php 7.2 e86d9bb526ef 3 months ago 367MB
ukfx/php apache-stretch 5958cb7c2316 4 months ago 648MB
nginx alpine bc7fdec94612 4 months ago 18MB
hello-world latest e38bc07ac18e 6 months ago 1.85kB
composer/composer latest 5afb0951f2a4 2 years ago 636MB
serge#serge:/mnt/_work_sdb8/wwwroot/lar/DockerApps/votes_docker$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f8beea5dceca mysql:5.7.23 "docker-entrypoint.s…" 6 minutes ago Restarting (2) 6 seconds ago votes_docker_db_1
8309b5456dcf adminer "entrypoint.sh docke…" 6 minutes ago Up 6 minutes 0.0.0.0:8081->8080/tcp votes_docker_adminer_1
cc644206931b votes_docker_webapp "docker-php-entrypoi…" 6 minutes ago Up 6 minutes 0.0.0.0:8080->80/tcp votes_docker_webapp_1
How to fix it?
Thanks!
According to docker-compose documentation, build can be specified as a string containing a path to the build context if you have Dockerfile inside it.
You are using Dockerfile.yml file, which is not a default one (Dockerfile), so in this case context and dockerfile should be specified as well:
web:
build:
context: ./web
dockerfile: Dockerfile.yml
The final docker-compose.yaml is:
version: '3'
services:
web:
build:
context: ./web
dockerfile: Dockerfile.yml
environment:
- APACHE_RUN_USER=www-data
volumes:
- ${DB_PATH_HOST}:${APP_PTH_CONTAINER}
ports:
- 8080:80
working_dir: ${APP_PTH_CONTAINER}
db:
image: mysql
command: --default-authentication-plugin=mysql_native_password
restart: always
environment:
MYSQL_ROOT_PASSWORD: 1
volumes:
- ${DB_PATH_HOST}:/var/lib/mysql
adminer:
image: adminer
restart: always
ports:
- 8080:8080
composer:
image: composer:1.6
volumes:
- ${DB_PATH_HOST}:${APP_PTH_CONTAINER}
working_dir: ${APP_PTH_CONTAINER}
command: composer install
Addition to MODIFIED part:
Both web and adminer are configured to be allocated on port 8080 on a host system. That's why you have a conflict here. To resolve above issue you need to bind adminer to another port 8081 for example.
The final docker-compose.yaml is:
version: '3'
services:
web:
build:
context: ./web
dockerfile: Dockerfile.yml
environment:
- APACHE_RUN_USER=www-data
volumes:
- ${DB_PATH_HOST}:${APP_PTH_CONTAINER}
ports:
- 8080:80
working_dir: ${APP_PTH_CONTAINER}
db:
image: mysql
command: --default-authentication-plugin=mysql_native_password
restart: always
environment:
MYSQL_ROOT_PASSWORD: 1
volumes:
- ${DB_PATH_HOST}:/var/lib/mysql
adminer:
image: adminer
restart: always
ports:
- 8081:8080
composer:
image: composer:1.6
volumes:
- ${DB_PATH_HOST}:${APP_PTH_CONTAINER}
working_dir: ${APP_PTH_CONTAINER}
command: composer install
Addition to MODIFIED3 part:
I see the following error with your composer docker container:
composer_1 | Composer could not find a composer.json file in /var/www/html
composer_1 | To initialize a project, please create a composer.json file as described in the https://getcomposer.org/ "Getting Started" section
Is it because you accidentally put ${DB_PATH_HOST} instead of ${APP_PATH_HOST} in the composer config?
composer:
image: composer:1.6
volumes:
- ${DB_PATH_HOST}:${APP_PTH_CONTAINER}
working_dir: ${APP_PTH_CONTAINER}
command: composer install