Develop Reference

Getting container-ips inside docker container

how can we run docker commands inside container with docker-compose?
Simply I want to get IP of some other network container.
I am running three container va-server, db and api-server. All the containers are in same docker-network
Here I am providing docker-compose file below:
version: "2.3"
services:
va-server:
container_name: va_server
image: nitinroxx/facesense:amd64_2022.11.28 #facesense:alpha
runtime: nvidia
restart: always
mem_limit: 4G
networks:
- perimeter-network
db:
container_name: mongodb
image: mongo:latest
ports:
- "27017:27017"
restart: always
volumes:
- ./facesense_db:/data/db
command: [--auth]
networks:
- perimeter-network
api-server:
container_name: api_server
image: nitinroxx/facesense:api_amd64_2022.11.28
ports:
- "80:80"
- "465:465"
restart: always
networks:
- perimeter-network
networks:
perimeter-network:
driver: bridge
ipam:
config:
- gateway: 10.16.239.1
subnet: 10.16.239.0/24
I have install docker inside the container which giving me below permission error:
docker.errors.dockerexception: error while fetching server api version: ('connection aborted.', permissionerror(13, 'permission denied')

...inside [a] container [...] I want to get IP of some other network container....
Docker provides an internal DNS service that can resolve container names to their Docker-internal IP addresses. From one of the containers you show, you could look up a host name like db to get the container's IP address; but in practice, this is a totally normal DNS name and all but the lowest-level networking interfaces can use those directly.
This does require that all of the containers involved be on the same Docker network. Normally Compose sets this up automatically for you; in the file you show I might delete the networks: blocks and container_name: overrides in the name of simplicity. Also see Networking in Compose in the Docker documentation.
In short:
You can probably use the Compose service names va-server, db, and api-server as host names without specifically knowing their IP addresses.
This probably means you never need to know the container IP addresses at all (they're usually unusable from outside Docker).
If you do need an IP address from inside a container, a DNS lookup can find it.
You can't usually run docker commands from inside containers. You can't do this safely without making it possible for the container to take over the whole host. There are usually better patterns that don't tie you to the Docker stack specifically.

unable to start service in docker throwing Address already in use

I am trying to run a service in docker below is the docker compose for that which is exposed to port as mentioned below
saas-ac:
image: icsdev/saas-ac
networks:
default:
ipv4_address: x.xx.x.xx
ports:
- "18056:8000" # jpda
hostname: "saas-ac"
command: [ /entrypoint/entrypoint.sh, /PC/server/tomcat, catalina.out ]
environment:
- JPDA_ADDRESS=8000 # bind jpda port to all interfaces
- CHEF_ENVIRONMENT=${CHEF_ENVIRONMENT}
- CHEF_COOKBOOK_NAME=saas-ac
- SERVICE_NAME=saas-ac
When I try running the service it says error
Cannot start service saas-ac: Address already in use
I checked the list of processes using various netstat and lsof commands but I didnt find any process which is using 18056 port and if I do docker ps there is no container up as well for this saas-ac name,can anyone help me in this how to solve this issue

How to create a Docker macvlan with user defined IP and MAC address using Compose

I have a docker project that uses the MAC address for hardware license enforcement. I cannot change this, the ISV uses a hardware fingerprint that includes the MAC address.
I am trying to create a macvlan network, that will use the physical adapter and get an IP address from my network DHCP server, alternatively I will assign a static IP address manually.
I must be able to set the MAC address manually such that it does not dynamically change and invalidate my license key.
Based on Docker docs the mac_address setting is deprecated, at least in v3 schema, but seems to be honored in v2 schemas.
I have a config that builds, using vanilla LSIO Nginx as test, but fails to run with an error stating that the MAC address cannot be assigned.
version: "2.1"
services:
nginx:
image: linuxserver/nginx
container_name: nginx_macvlan
environment:
- TZ=Americas/Los_Angeles
volumes:
- .mount:/config
ports:
- 80:80
- 443:443
restart: unless-stopped
mac_address: b7-48-d5-a6-d1-99
networks:
nginx_vlan:
ipv4_address: 192.168.1.10
networks:
nginx_vlan:
driver: macvlan
ipam:
driver: default
config:
- subnet: 192.168.1.0/24
PS C:\Users\piete\source\TestMacVlan> cd "c:\Users\piete\source\TestMacVlan"
PS C:\Users\piete\source\TestMacVlan> docker-compose -f "docker-compose-macvlan.yml" up -d --build
Creating network "testmacvlan_nginx_vlan" with driver "macvlan"
Creating nginx_macvlan ... error
ERROR: for nginx_macvlan Cannot start service nginx: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"process_linux.go:432: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: time=\\\\\\\"2020-05-16T02:46:50Z\\\\\\\" level=fatal msg=\\\\\\\"failed to add interface veth2b7c9ef to sandbox: error setting interface \\\\\\\\\\\\\\\"veth2b7c9ef\\\\\\\\\\\\\\\" MAC to \\\\\\\\\\\\\\\"b7:48:d5:a6:d1:99\\\\\\\\\\\\\\\": cannot assign requested address\\\\\\\"\\\\n\\\"\"": unknown
ERROR: for nginx Cannot start service nginx: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"process_linux.go:432: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: time=\\\\\\\"2020-05-16T02:46:50Z\\\\\\\" level=fatal msg=\\\\\\\"failed to add interface veth2b7c9ef to sandbox: error setting interface \\\\\\\\\\\\\\\"veth2b7c9ef\\\\\\\\\\\\\\\" MAC to \\\\\\\\\\\\\\\"b7:48:d5:a6:d1:99\\\\\\\\\\\\\\\": cannot assign requested address\\\\\\\"\\\\n\\\"\"": unknown
ERROR: Encountered errors while bringing up the project.
PS C:\Users\piete\source\TestMacVlan>
I am testing on Win10 using Docker for Windows.
PS C:\Users\piete\source\TestMacVlan> docker --version
Docker version 19.03.1, build 5b38d82a-
PS C:\Users\piete\source\TestMacVlan> [Environment]::OSVersion
Platform ServicePack Version VersionString
-------- ----------- ------- -------------
Win32NT 10.0.18363.0 Microsoft Windows NT 10.0.18363.0
How do I use macvlan in compose and set a MAC and IP or use DHCP for IP?

I got it working on ubuntu 18 lts in a Hyper-V container.
You have to edit the Hyper-V guest network adapter to allow "enable mac address spoofing", this is under the advanced options.
When using compose, the version can't be greater than ~v2.1, when using current v3.7+ versions you'll get a gateway is unexpected error.
On Linux the host does not get traffic routed to the macvlan, so containers need to be on the same macvlan if they need to talk to each other.
There can only be one macvlan per subnet range, or one gateway per range, not sure what the cause is.
I could not get it working on Docker for Windows, specifically I do not know how to specify the parent adapter name. I tried the actual adapter name, did not work, "eth0" works for creating the macvlan, but no traffic flows. I don't know if it is because the adapter name is wrong, or something else.
I could not get network infrastructure DHCP working using macvlan, maybe this will require creating bridges on the host.
Here is working compose file running two nginx instances on two specific IP's with two specific MAC addresses, tested on Ubuntu 18.04 LTS running on Hyper-V. I have not yet tested bare metal.
version: "2.1"
services:
nginx_10:
image: linuxserver/nginx
container_name: nginx_macvlan_10
environment:
- TZ=Americas/Los_Angeles
ports:
- 80:80
- 443:443
restart: unless-stopped
mac_address: 02:42:c0:a8:84:22
networks:
nginx_vlan:
ipv4_address: 192.168.1.10
nginx_45:
image: linuxserver/nginx
container_name: nginx_macvlan_45
environment:
- TZ=Americas/Los_Angeles
ports:
- 80:80
- 443:443
restart: unless-stopped
mac_address: 02:42:c0:a8:84:23
networks:
nginx_vlan:
ipv4_address: 192.168.1.45
networks:
nginx_vlan:
driver: macvlan
driver_opts:
parent: eth0
ipam:
driver: default
config:
- subnet: 192.168.1.0/24
gateway: 192.168.1.1
# docker-compose --file docker-compose-macvlan-ubuntu-multi.yml up --detach
I'd still like to know:
How to get this working with docker compose schema v3+.
How to get it working on Docker for Windows.
How to get DHCP working.

IPAM configuration (gateway, ip_range, aux_addresses) is now supported by docker-compose v1.27.0+.
https://github.com/docker/compose/issues/6569#issuecomment-709195165
Releases 1.27.0+ have merged v2/v3 file formats, so you should be able
to use ipam anywhere now.
https://github.com/docker/compose/releases/tag/1.27.0
Merge 2.x and 3.x compose formats and align with COMPOSE_SPEC schema
More info: https://blog.jjhayes.net/wp/2020/10/28/using-a-macvlan-network-in-docker-compose/

How to run fluentd in docker within the internal network

I have the following configuration in my docker-compose file:
fluentd:
build: ./fluentd
container_name: fluentd
expose:
- 24224
- 24224/udp
depends_on:
- "elasticsearch"
networks:
- internal
public-site:
build: ./public-site
container_name: public-site
depends_on:
- fluentd
logging:
driver: fluentd
options:
tag: public-site
networks:
- internal
networks:
internal:
When I start the app using docker-compose up, then the webserver exists with the error message ERROR: for public-site Cannot start service public-site: failed to initialize logging driver: dial tcp 127.0.0.1:24224: connect: connection refused.
On the other hand, when I publish the ports from fluentd (ports: 24224:24224), it works. The problem is that I don't want to publish those ports on the host, since it bypasses the linux firewall (i.e. it exposes the fluentd port to everyone, see here).
This is confusing, since exposing a port should make it available for every container in the network. I am using an internal network betweem fluentd and the webserver, so I would expect that the exposed ports of fluentd are enough (which isn't the case).
When I connect to the webserver container, I can ping and resolve the fluentd container, so there is a connection. For some reasons however, at startup it won't accept a fluentd config with no published ports.

The communication to 127.0.0.1 is always problematic if you're in a container. I found this explanation in the docs that performs way better than I would do:
To use the fluentd driver as the default logging driver, set the
log-driver and log-opt keys to appropriate values in the daemon.json
file, which is located in /etc/docker/ on Linux hosts or
C:\ProgramData\docker\config\daemon.json on Windows Server. For more
about +configuring Docker using daemon.json, see +daemon.json.
The following example sets the log driver to fluentd and sets the
fluentd-address option.
{
"log-driver": "fluentd",
"log-opts": {
"fluentd-address": "fluentd:24224"
}
}
src: https://docs.docker.com/config/containers/logging/fluentd/
EDIT: this works until you want to have an application on the host communicating with the dockerized fluentd (then it's a pain)

I have facing issue, I have solve using using static ip address.
logging:
driver: fluentd
options:
fluentd-address: 172.24.0.5:24224

I am facing the same error with you. After check the example config in fluent official site, I was able to connect fluentd through links.
Below is my configuration that works:
version: "3.5"
networks:
test:
services:
flog:
container_name: flog
image: mingrammer/flog:0.4.3
command: -t stdout -f apache_common -d 1s -l
logging:
driver: "fluentd"
options:
fluentd-address: localhost:24224
links:
- fluentd
networks:
- test
fluentd:
container_name: fluentd
image: moonape1226/fluentd-with-loki-plugin:v1.13-1
ports:
- "24224:24224"
- "24224:24224/udp"
volumes:
- ./config/fluentd/fluent.conf:/fluentd/etc/fluent.conf
networks:
- test

Problematic (logging) service discovery on rancher

I want to send logs from one rancher service (e.g. my_service) to another rancher service running the ELK stack with the syslog driver
I am setting up my stack via a docker-compose as follows more or less:
elk-custom:
# image: elk-custom
build:
context: .
dockerfile: Dockerfile-elk
ports:
- 5601:5601
- 9200:9200
- 5044:5044
- 5151:5151
- 5152:5152
my_service:
image: some_image_from_my_local_registry
depends_on:
- elk-custom
logging:
driver: syslog
options:
syslog-address: "tcp://elk-custom:514"
However, on the stack dashboard, for my_service I get:
my_service (Expected state running but got error: Error response from daemon: failed to initialize logging driver: dial tcp: lookup elk-custom on 10.0.2.3:53: server misbehaving)
Is there anything additional needed to make the specific logging (elk-custom) service discoverable?

a few things are going on there that are problematic. First, if you are doing build, you have to use either a git or HTTP remote url or s3 based context.
Please see the docs: http://rancher.com/docs/rancher/v1.6/en/cattle/rancher-compose/#builds
Typically, you build an image and deploy it as a service. Builds are more of a development bit and less used on a production side of things.
The next thing is that in a multi-host setup, you will have trouble routing on the Rancher network. I would recommend deploying a Logstash collector on all nodes with the syslog ingress in host networking mode. Then you can point the logging driver to the localhost syslog target. Each of the logstash collectors would then forward to either another logstash for filtering or Elastic cluster.