Hi running docker: Engine: 17.12.0-ce on Mac 10.12.6
I'm using the build_image feature.
FROM openjdk:8-jdk-alpine AS BUILD_IMAGE
ENV APP_ENVIROMENT=dev
ENV APP_RUNTIME=docker
ENV BUILD_HOME=/build
COPY . $BUILD_HOME
WORKDIR $BUILD_HOME
RUN wget http://xxx.xxx.xxx.xxx:8081
Getting the following error. I'm pretty sure the server is reachable from my laptop/wifi and VPN
...
removing intermediate container e5519d15a106
---> b3a3dd24343f
Step 7/16 : RUN wget http://xxx.xxx.xxx.xxx:8081
---> Running in 49fdabef0923
Connecting to xxx.xxx.xxx.xxx:8081 (xxx.xxx.xxx.xxx:8081)
wget: can't connect to remote host (xxx.xxx.xxx.xxx): Host is unreachable
Seems like a DNS issue my /etc/resolv.conf is perfectly fine and I'm pretty sure the machine is reachable. Also looks like some machines on my network are reachable while other aren't.
I can test with
RUN ping xxx.xxx.xxx.xxx
Results:
PING xxxxxx.mydomain.com (xxx.xxx.xxx.xxx): 56 data bytes
--- xxxxxx.mydomain.com ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
The command '/bin/sh -c ping -c 4 xxxxxx.mydomain.com' returned a non-zero code: 1
Update. Added names to be clear.
FROM openjdk:8-jdk-alpine AS BUILD_IMAGE
ENV APP_ENVIROMENT=dev
ENV APP_RUNTIME=docker
ENV BUILD_HOME=/build
COPY . $BUILD_HOME
WORKDIR $BUILD_HOME
RUN wget http://myserver.domain.net:8081
The result of docker build:
---> 76c263fb4490
Step 7/15 : RUN wget http://myserver.domain.net:8081
---> Running in ef2b13c77b91
Connecting to myserver.domain.net:8081 (10.0.0.1:8081) <-- I.P redacted to protect the inocent. :p
wget: can't connect to remote host (10.0.0.1): Host is unreachable
The command '/bin/sh -c wget http://myserver.domain.net:8081' returned a non-zero code: 1
From my console...
wget http://myserver.domain.net:8081
--2018-02-15 10:36:44-- http://myserver.domain.net:8081/
Resolving myserver.domain.net... 10.0.0.1
Connecting to myserver.domain.net|10.0.0.1|:8081... connected.
HTTP request sent, awaiting response... 200 OK
Clearly you can see docker is resolving the I.P and that my laptop can connect.
Problem solved as per: https://success.docker.com/article/How_do_I_configure_the_default_bridge_(docker0)_network_for_Docker_Engine_to_a_different_subnet
The docker bridge was conflicting with my network. We need to make an entry in daemon.json
{
"bip": "172.26.0.1/16"
}
You can use any value that is suitable for you.
Related
My host machine is MAC and I have installed Docker on my machine.
1.) Have downloaded the mysql:5 image and started container from the same :-
docker container run -d -e MYSQL_ROOT_PASSWORD=password -e MYSQL_DATABASE=learners --network bridge mysql:5
2.) Now I have logged into the Docker container, using the default bridge :-
(base) aditya#aditya-MAC PROJECTS % docker container exec -it c4 bash
root#c4abb2947a1f:/usr/local/bin#
root#c4abb2947a1f:/usr/local/bin#
root#c4abb2947a1f:/usr/local/bin# ping google.com
PING google.com (142.250.193.238) 56(84) bytes of data.
^C
--- google.com ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 2090ms
root#c4abb2947a1f:/usr/local/bin#
root#c4abb2947a1f:/usr/local/bin#
3.) On my host machine, here are networks I have :-
(base) aditya#aditya-MAC ~ % docker network ls
NETWORK ID NAME DRIVER SCOPE
c0bcfcc8b9ac aditya-network bridge local
197c1cbd4534 bridge bridge local
e7b2d1393818 docker-hadoop_default bridge local
cf84498b715b host host local
69dd81905f0a ksql-course-master_default bridge local
c0c5220ade8f none null local
(base) B0218162#APB-LTB0218162-MAC ~ %
Inside my docker, I am able to install any package like apt-get install iputils-ping.
Any help shall be highly appreciated.
Update all Repos with command -> apt update
Install iputils with command -> apt install iputils-ping
This worked for my system so I guess it should work for you too.
I am trying to wrap my golang worker app into docker image. I have successfully build image. But when I run, it turns out that my docker container cannot connect to my faktory. Here is my docker file:
# builder image
FROM golang:1.14.11-alpine AS builder
# specific directory for build process
WORKDIR /usr/src/build
# copying the source code
# to the current working directory
COPY . .
RUN apk add --no-cache git
ENV GOPRIVATE=gitlab.com/pinvest/backends/backend-structs
# RUN echo "machine gitlab.com login jais_pinhome password pinhome123" > ~/.netrc
COPY .netrc /root/.netrc
# executing build process
RUN GOOS=linux go build -ldflags="-s -w" -o app
# runtime image
FROM golang:1.14.11-alpine AS runtime
# create and use non-root user
# to increase container security
# ref https://pythonspeed.com/articles/root-capabilities-docker-security/
RUN adduser myuser --disabled-password
USER myuser
WORKDIR /home/myuser
# copy the executable binary file from builder directory
# to the current working directory
COPY --from=builder /usr/src/build/app .
# exposing port
EXPOSE 8080
# run the application
CMD ["./app"]
and here is the log my faktory:
jaisanas#DESKTOP-H2GJLP8:~/work/worker$ faktory
Faktory 1.4.0
Copyright © 2021 Contributed Systems LLC
Licensed under the GNU Public License 3.0
I 2021-01-23T01:52:15.239Z Initializing redis storage at /home/jaisanas/.faktory/db, socket /home/jaisanas/.faktory/db/redis.sock
I 2021-01-23T01:52:15.251Z Web server now listening at localhost:7420
I 2021-01-23T01:52:15.251Z PID 6897 listening at localhost:7419, press Ctrl-C to stop
If I run the worker container returns error like below:
jaisanas#DESKTOP-H2GJLP8:~/work/worker$ docker run --env-file docker_env.sh -p 8080:27017 --name woker worker
2021/01/23 01:48:40.502243 [0 <nil>] unsupported protocol scheme ""
2021/01/23 01:48:40.502380 faktory_worker_go PID 1 now ready to process jobs
2021/01/23 01:48:40.681601 dial tcp 127.0.0.1:7419: connect: connection refused
2021/01/23 01:48:40.704490 dial tcp 127.0.0.1:7419: connect: connection refused
2021/01/23 01:48:40.711848 dial tcp 127.0.0.1:7419: connect: connection refused
2021/01/23 01:48:40.845921 dial tcp 127.0.0.1:7419: connect: connection refused
2021/01/23 01:48:40.876556 dial tcp 127.0.0.1:7419: connect: connection refused
Is anyone here familiar with wrapping up golang faktory app into docker and facing the similar issue?
Inside your docker container, where the worker is running, localhost 127.0.0.1 refers to the container itself, not your host machine (where faktory is running). To access the host machine from inside the Docker container, you need to connect to the special address host.docker.internal.
In other words, you should set up your worker to connect to faktory at host.docker.internal:7419 instead of 127.0.0.1:7419
See the official Docker documentation for more details.
So I have a docker container up running, I tried to route its service port out to the host:
Here is my docker-compose file:
version: '3'
services:
ai-recommender-server:
build: .
ports:
- "3518:3518"
When the container is running, I can check it through "docker ps -a"
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ff940601a02f recommender_ai-recommender-server "python server.py" About an hour ago Up About an hour 0.0.0.0:3518->3518/tcp recommender_ai-recommender-server_1
When I tried to access from inside the container:
$ docker exec -it ff94 sh
/service # curl http://localhost:3518
{
"message": "AI recommendation system"
}
But when I tried to do this on the host, I got the error "curl: (56) Recv failure: Connection reset by peer"
$ curl http://localhost:3518
curl: (56) Recv failure: Connection reset by peer
Can anyone find out what my problem is?
Since it's python, I think binding to 0.0.0.0 may be missing in your python code
Something like this inside your python server.py
app.run(debug='False',host='0.0.0.0',port=3518)
I am having issues when trying to connect to a docker-compose network from inside of a container. These are the files I am working with. The whole thing runs when I ./run.sh.
Dockerfile:
FROM docker/compose:latest
WORKDIR .
# EXPOSE 8228
RUN apk update
RUN apk add py-pip
RUN apk add jq
RUN pip install anchorecli
COPY dockertest.sh ./dockertest.sh
COPY docker-compose.yaml docker-compose.yaml
CMD ["./dockertest.sh"]
docker-compose.yaml
services:
# The primary API endpoint service
engine-api:
image: anchore/anchore-engine:v0.6.0
depends_on:
- anchore-db
- engine-catalog
#volumes:
#- ./config-engine.yaml:/config/config.yaml:z
ports:
- "8228:8228"
..................
## A NUMBER OF OTHER CONTAINERS THAT ANCHORE-ENGINE USES ##
..................
networks:
default:
external:
name: anchore-net
dockertest.sh
echo "------------- INSTALL ANCHORE CLI ---------------------"
engineid=`docker ps | grep engine-api | cut -f 1 -d ' '`
engine_ip=`docker inspect $engineid | jq -r '.[0].NetworkSettings.Networks."cws-anchore-net".IPAddress'`
export ANCHORE_CLI_URL=http://$engine_ip:8228/v1
export ANCHORE_CLI_USER='user'
export ANCHORE_CLI_PASS='pass'
echo "System status"
anchore-cli --debug system status #This line throws error (see below)
run.sh:
#!/bin/bash
docker build . -t anchore-runner
docker network create anchore-net
docker-compose up -d
docker run --network="anchore-net" -v //var/run/docker.sock:/var/run/docker.sock anchore-runner
#docker network rm anchore-net
Error Message:
System status
INFO:anchorecli.clients.apiexternal:As Account = None
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): 172.19.0.6:8228
Error: could not access anchore service (user=user url=http://172.19.0.6:8228/v1): HTTPConnectionPool(host='172.19.0.6', port=8228): Max retries exceeded with url: /v1
(Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused',))
Steps:
run.sh builds container image and creates network anchore-net
the container has an entrypoint script, which does multiple things
firstly, it brings up the docker-compose network as detached FROM inside the container
secondly, nstalls anchore-cli so I can run commands against container network
lastly, attempts to get a system status of the anchore-engine (d.c network) but thats where I am running into HTTP request connection issues.
I am dynamically getting the IP of the api endpoint container of anchore-engine and setting the URL of the request to do that. I have also tried passing those variables from command line such as:
anchore-cli --u user --p pass --url http://$engine_ip/8228/v1 system status but that throws the same error.
For those of you who took the time to read through this, I highly appreciate any input you can give me as to where the issue may be lying. Thank you very much.
I have a test which starts a Docker container, performs the verification (which is talking to the Apache httpd in the Docker container), and then stops the Docker container.
When I run this test locally, this test runs just fine. But when it runs on hosted VSTS, thus a hosted build agent, it cannot connect to the Apache httpd in the Docker container.
This is the .vsts-ci.yml file:
queue: Hosted Linux Preview
steps:
- script: |
./test.sh
This is the test.sh shell script to reproduce the problem:
#!/bin/bash
set -e
set -o pipefail
function tearDown {
docker stop test-apache
docker rm test-apache
}
trap tearDown EXIT
docker run -d --name test-apache -p 8083:80 httpd
sleep 10
curl -D - http://localhost:8083/
When I run this test locally, the output that I get is:
$ ./test.sh
469d50447ebc01775d94e8bed65b8310f4d9c7689ad41b2da8111fd57f27cb38
HTTP/1.1 200 OK
Date: Tue, 04 Sep 2018 12:00:17 GMT
Server: Apache/2.4.34 (Unix)
Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
ETag: "2d-432a5e4a73a80"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html
<html><body><h1>It works!</h1></body></html>
test-apache
test-apache
This output is exactly as I expect.
But when I run this test on VSTS, the output that I get is (irrelevant parts replaced with …).
2018-09-04T12:01:23.7909911Z ##[section]Starting: CmdLine
2018-09-04T12:01:23.8044456Z ==============================================================================
2018-09-04T12:01:23.8061703Z Task : Command Line
2018-09-04T12:01:23.8077837Z Description : Run a command line script using cmd.exe on Windows and bash on macOS and Linux.
2018-09-04T12:01:23.8095370Z Version : 2.136.0
2018-09-04T12:01:23.8111699Z Author : Microsoft Corporation
2018-09-04T12:01:23.8128664Z Help : [More Information](https://go.microsoft.com/fwlink/?LinkID=613735)
2018-09-04T12:01:23.8146694Z ==============================================================================
2018-09-04T12:01:26.3345330Z Generating script.
2018-09-04T12:01:26.3392080Z Script contents:
2018-09-04T12:01:26.3409635Z ./test.sh
2018-09-04T12:01:26.3574923Z [command]/bin/bash --noprofile --norc /home/vsts/work/_temp/02476800-8a7e-4e22-8715-c3f706e3679f.sh
2018-09-04T12:01:27.7054918Z Unable to find image 'httpd:latest' locally
2018-09-04T12:01:30.5555851Z latest: Pulling from library/httpd
2018-09-04T12:01:31.4312351Z d660b1f15b9b: Pulling fs layer
[…]
2018-09-04T12:01:49.1468474Z e86a7f31d4e7506d34e3b854c2a55646eaa4dcc731edc711af2cc934c44da2f9
2018-09-04T12:02:00.2563446Z % Total % Received % Xferd Average Speed Time Time Time Current
2018-09-04T12:02:00.2583211Z Dload Upload Total Spent Left Speed
2018-09-04T12:02:00.2595905Z
2018-09-04T12:02:00.2613320Z 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to localhost port 8083: Connection refused
2018-09-04T12:02:00.7027822Z test-apache
2018-09-04T12:02:00.7642313Z test-apache
2018-09-04T12:02:00.7826541Z ##[error]Bash exited with code '7'.
2018-09-04T12:02:00.7989841Z ##[section]Finishing: CmdLine
The key thing is this:
curl: (7) Failed to connect to localhost port 8083: Connection refused
10 seconds should be enough for apache to start.
Why can curl not communicate with Apache on its port 8083?
P.S.:
I know that a hard-coded port like this is rubbish and that I should use an ephemeral port instead. I wanted to get it running first wirth a hard-coded port, because that's simpler than using an ephemeral port, and then switch to an ephemeral port as soon as the hard-coded port works. And in case the hard-coded port doesn't work because the port is unavailable, the error should look different, in that case, docker run should fail because the port can't be allocated.
Update:
Just to be sure, I've rerun the test with sleep 100 instead of sleep 10. The results are unchanged, curl cannot connect to localhost port 8083.
Update 2:
When extending the script to execute docker logs, docker logs shows that Apache is running as expected.
When extending the script to execute docker ps, it shows the following output:
2018-09-05T00:02:24.1310783Z CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2018-09-05T00:02:24.1336263Z 3f59aa014216 httpd "httpd-foreground" About a minute ago Up About a minute 0.0.0.0:8083->80/tcp test-apache
2018-09-05T00:02:24.1357782Z 850bda64f847 microsoft/vsts-agent:ubuntu-16.04-docker-17.12.0-ce-standard "/home/vsts/agents/2…" 2 minutes ago Up 2 minutes musing_booth
The problem is that the VSTS build agent runs in a Docker container. When the Docker container for Apache is started, it runs on the same level as the VSTS build agent Docker container, not nested inside the VSTS build agent Docker container.
There are two possible solutions:
Replacing localhost with the ip address of the docker host, keeping the port number 8083
Replacing localhost with the ip address of the docker container, changing the host port number 8083 to the container port number 80.
Access via the Docker Host
In this case, the solution is to replace localhost with the ip address of the docker host. The following shell snippet can do that:
host=localhost
if grep '^1:name=systemd:/docker/' /proc/1/cgroup
then
apt-get update
apt-get install net-tools
host=$(route -n | grep '^0.0.0.0' | sed -e 's/^0.0.0.0\s*//' -e 's/ .*//')
fi
curl -D - http://$host:8083/
The if grep '^1:name=systemd:/docker/' /proc/1/cgroup inspects whether the script is running inside a Docker container. If so, it installs net-tools to get access to the route command, and then parses the default gw from the route command to get the ip address of the host. Note that this only works if the container's network default gw actually is the host.
Direct Access to the Docker Container
After launching the docker container, its ip addresses can be obtained with the following command:
docker container inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' <container-id>
Replace <container-id> with your container id or name.
So, in this case, it would be (assuming that the first ip address is okay):
ips=($(docker container inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' nuance-apache))
host=${ips[0]}
curl http://$host/