I'm running a container called "front-end". Other containers communicate with this container by using the name front-end, which gets resolved into the container's IP address. I noticed something that doesn't make sense to me about this container.
When I shell into the container and run "ifconfig", I see one IP address. When I run "nslookup front-end" I see another IP address. I would have thought that these two IPs should have matched. See my terminal output below:
I'm doing this in swarm-mode. Here is how I start the containers:
docker service create --with-registry-auth --name first --network my-network aarch64/ubuntu:16.04 sleep 99999999999999999
docker service create --with-registry-auth --name second --network my-network aarch64/ubuntu:16.04 sleep 99999999999999999
Terminal output to confirm the containers are up and running:
odroid#odroid64-cluster4:~/ssd/weaveworksdemo$ docker service ls
ID NAME REPLICAS IMAGE COMMAND
7v04cpi9b8uq second 1/1 aarch64/ubuntu:16.04 sleep 99999999999999999
cru6diqlv5on first 1/1 aarch64/ubuntu:16.04 sleep 99999999999999999
swarm service and docker PS commands
odroid#odroid64-cluster4:~/ssd/weaveworksdemo$ docker service ps first
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR
4dqy376icyi8fow1y1owwjzj0 first.1 aarch64/ubuntu:16.04 odroid64-cluster3 Running Running 2 minutes ago
odroid#odroid64-cluster4:~/ssd/weaveworksdemo$ docker service ps second
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR
aurs8nznz35to7pjcikn9903h second.1 aarch64/ubuntu:16.04 odroid64-cluster4 Running Running 2 minutes ago
odroid#odroid64-cluster4:~/ssd/weaveworksdemo$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cd28f6ec30e1 aarch64/ubuntu:16.04 "sleep 99999999999999" 3 minutes ago Up 3 minutes second.1.aurs8nznz35to7pjcikn9903h
As can be seen, first is running on cluster3, and second is running on cluster4.
Now, let's take a look at the my-network inspection:
odroid#odroid64-cluster4:~/ssd/weaveworksdemo$ docker network inspect my-network
[
    {
        "Name": "my-network",
        "Id": "3kjlgo564nkmnccliuz7rlxa3",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.10.0.0/24",
                    "Gateway": "10.10.0.2"
                }
            ]
        },
        "Internal": false,
        "Containers": {
            "cd28f6ec30e1ab33c09ef20ef4ee3968d7e7d71f83608a7ebd995986f9c7a049": {
                "Name": "second.1.aurs8nznz35to7pjcikn9903h",
                "EndpointID": "bf3089daf09a9de1a9b245807d8b3cb3cbee1d3e28887f8f8b5a375ba72d9e18",
                "MacAddress": "02:42:0a:0a:00:06",
                "IPv4Address": "10.10.0.6/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.driver.overlay.vxlanid_list": "258",
            "encrypted": ""
        },
        "Labels": {}
    }
]
The reason you only see container service "second" is because I am shelled into cluster4. If I were to shell into cluster3, and run the network inspect command, I would see the service "first". This is how network overlays work in Docker. Notice the IP is 10.10.0.6
Alright, let's shell into "second" and run ifconfig, and nslookup.
odroid#odroid64-cluster4:~/ssd/weaveworksdemo$ docker exec -ti second.1.aurs8nznz35to7pjcikn9903h bash
root#cd28f6ec30e1:/# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:0a:0a:00:06
inet addr:10.10.0.6 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::42:aff:fe0a:6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1424 Metric:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1038 (1.0 KB) TX bytes:648 (648.0 B)
eth1 Link encap:Ethernet HWaddr 02:42:ac:12:00:03
inet addr:172.18.0.3 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe12:3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7374 errors:0 dropped:0 overruns:0 frame:0
TX packets:6551 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:36597121 (36.5 MB) TX bytes:443087 (443.0 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:4096 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:876 (876.0 B) TX bytes:876 (876.0 B)
root#cd28f6ec30e1:/# nslookup second
Server: 127.0.0.11
Address: 127.0.0.11#53
Non-authoritative answer:
Name: second
Address: 10.10.0.5
Notice how ifconfig shows 10.10.0.6, and resolving the name "front-end" returns 10.10.0.5. Also, notice how network inspect matches up with the ifconfig output.
Can anyone explain why this is the case? I take back that this is all working. Having some issues with connectivity between nodes, not sure if this might have something to do with it.
One other note, I'm running two containers with different names, but I see the same thing even if I run a single container.
It's about Docker Virtual-IP
For example:
You name a service redis-service in your compose file.
You can connect to that redis server via redis-service.
If you replicate this redis service to five instances, then which ip address should redis-service resolve to?
redis-service will be resolved to a virtual IP, and the five redis instances will be load balanced by this virtual IP.
It's the same even if you have only one instance.
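An added example (not part of the original answer) that tells a service virtual IP apart from a task IP, which matters when attributing an address seen in DNS answers, firewall rules or flow logs. The network data is trimmed from the question's docker network inspect output; the docker service inspect document is a constructed sample that assumes the service's VIP is the 10.10.0.5 returned by nslookup.

```python
import ipaddress
import json

# Constructed sample in the shape of `docker service inspect second` (trimmed).
# Assumption: the VIP on my-network is the 10.10.0.5 that nslookup returned.
SERVICE_INSPECT = json.loads("""
[{"Spec": {"Name": "second"},
  "Endpoint": {"VirtualIPs": [
      {"NetworkID": "3kjlgo564nkmnccliuz7rlxa3", "Addr": "10.10.0.5/24"}]}}]
""")

# Trimmed from the `docker network inspect my-network` output in the question.
NETWORK_INSPECT = json.loads("""
[{"Name": "my-network", "Id": "3kjlgo564nkmnccliuz7rlxa3",
  "Containers": {"cd28f6ec30e1": {
      "Name": "second.1.aurs8nznz35to7pjcikn9903h",
      "IPv4Address": "10.10.0.6/24"}}}]
""")


def _host(cidr):
    """Strip the prefix length: '10.10.0.5/24' -> IPv4Address('10.10.0.5')."""
    return ipaddress.ip_interface(cidr).ip


def classify(addr, services, networks):
    """Return (kind, owner) for an address on a swarm overlay network."""
    ip = ipaddress.ip_address(addr)
    net_names = {n["Id"]: n["Name"] for n in networks}
    # Service VIPs: what the embedded DNS (127.0.0.11) answers for the name.
    for svc in services:
        for vip in svc.get("Endpoint", {}).get("VirtualIPs") or []:
            if vip.get("Addr") and _host(vip["Addr"]) == ip:
                net = net_names.get(vip["NetworkID"], vip["NetworkID"])
                return "service-vip", f'{svc["Spec"]["Name"]}@{net}'
    # Task IPs: what ifconfig shows inside the container.
    for net in networks:
        for ctr in (net.get("Containers") or {}).values():
            if ctr.get("IPv4Address") and _host(ctr["IPv4Address"]) == ip:
                return "task", ctr["Name"]
    return "unknown", None


if __name__ == "__main__":
    for candidate in ("10.10.0.5", "10.10.0.6"):
        print(candidate, classify(candidate, SERVICE_INSPECT, NETWORK_INSPECT))
```

Inside a container on the same network, the name tasks.second resolves to the task IPs rather than the VIP, and a service created with --endpoint-mode dnsrr has no VIP at all.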
Host OS is Ubuntu 19.10. I've been successful in starting the FreeIPA container using docker run, but I'd like to get it working in compose. When I run docker-compose up, freeipa crashes with the following error:
IPv6 stack is enabled in the kernel but there is no interface that has
::1 address assigned. Add ::1 address resolution to 'lo' interface.
You might need to enable IPv6 on the interface 'lo' in sysctl.conf.
My current config:
freeipa:
  image: freeipa/freeipa-server
  command:
    [
      "--realm=${ROOT_DOMAIN}",
      "--ds-password=${LDAP_USER_PASSWORD}",
      "--admin-password=${LDAP_ADMIN_PASSWORD}",
      "-U",
    ]
  hostname: ${FREEIPA_DOMAIN}
  container_name: freeipa
  restart: unless-stopped
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.freeipa.rule=Host(`${FREEIPA_DOMAIN:?Domain for Freeipa must be set!}`)"
    - "traefik.http.routers.freeipa.entrypoints=secure"
    - "traefik.http.routers.freeipa.tls.certresolver=le"
  networks:
    - proxy
  volumes:
    - ${SERVICES_ROOT}/${FREEIPA_ROOT:-freeipa}/db:/data
    - ${SERVICES_ROOT}/${FREEIPA_ROOT:-freeipa}/logs:/var/logs
    - /sys/fs/cgroup:/sys/fs/cgroup:ro
  tmpfs:
    - /run
    - /var/cache
    - /tmp
Link to the full (very large) compose file here
I've enabled ipv6 in Docker and reloaded the daemon:
cat /etc/docker/daemon.json
{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64"
}
Following this blog post, I checked the interface configuration within a container:
$: docker run -itd ajeetraina/ubuntu-iproute bash
f549ae3efe887fe45a1594c87516b948cebbbb6916a6550d738e3271200bd9b7
$: docker exec -it f549 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
inet6 addr: 2001:db8:1::242:ac11:2/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3722 (3.7 KB) TX bytes:726 (726.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
It seems like there shouldn't be an issue with the loopback device from what I'm seeing here.
I have found the answer in an unrelated GitHub issue. Adding
sysctls:
  - net.ipv6.conf.all.disable_ipv6=0
to the service definition fixes the problem. I hope this helps someone!
I'm unable to connect to my dockerized webpack-dev-server from my host computer. Here's what I have so far.
1) Dockerfile documents exposed 8080 port and finishes with running the webpack-dev-server
Dockerfile:
EXPOSE 8080
CMD npm run start-dev
2) Dockerfile is built into image named 'uxframe'
Command Line:
docker build -t uxframe .
3) 'peteypablo' container is started using uxframe container. 'peteypablo' is listening to all internal IPs and publishes anything on internal port 8080 to port 8080
Command Line:
docker run --name peteypablo --rm -it -p 0.0.0.0:8080:8080 uxframe
4) Webpack Dev Server runs on port 8080 inside a docker container
package.json
"start-dev" : "webpack-dev-server --config ./config/webpack.config.dev.js --public --host 0.0.0.0 --port 8080"
5) Check to ensure 'peteypablo' container is running and port is open.
Command Line:
docker ps
Result:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
387751c35091 uxframe "/bin/sh -c 'npm run…" 2 minutes ago Up 2 minutes 0.0.0.0:8080->8080/tcp peteypablo
6) Get IP Address of 'peteypablo' container
Command Line:
docker inspect peteypablo | grep IPAddress
Result:
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
7) Try to connect to 172.17.0.2:8080 in browser.
Result:
8) Connect to 'peteypablo' and run ifconfig to verify IP addresses. (For those following along, ifconfig requires you to install net-tools in your container. In my Dockerfile it was RUN apt-get install -qy net-tools )
Command Line:
docker exec -it peteypablo ifconfig
Result:
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:792 errors:0 dropped:0 overruns:0 frame:0
TX packets:773 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:157963 (154.2 KiB) TX bytes:10865419 (10.3 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Still unable to connect to the webpack-dev-server.
After all of this setup, I discovered I was able to connect to the webpack-dev-server using http://localhost:8080 instead of my container's IP address of http://172.17.0.2:8080.
I'm still not sure why the ip address of the docker container itself doesn't work. From what I've gathered, it seems to have to do with the virtualization needed as part of Docker for Mac.
I created two docker containers of which one was of network type none and the other was of type bridge. I mapped their ports with that of host port using the following command during the creation of the docker containers.
docker run -p host_port:container_port image
The none type containers were added to a network using pipework and hence the none type containers also have IP addresses and can connect to the external networks.
I tried accessing the container port using netcat, but I couldn't access the port of the container which is of type none. Using the command "docker port container_name" I couldn't see the port in the none type container but I could see the mapped port of the bridge type container.
Netcat commands which I used were:
nc -l localhost host_port ----->in the host
nc localhost container_port ----->in the container
and vice versa.
Docker network - None, will not configure any IP for the container and doesn’t have any access to the external network as well as for other containers. It does have the loopback address and can be used for running batch jobs.
# docker run -it --network=none ubuntu:14.04 /bin/bash
root#66308c6686be:/# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
#
# docker inspect 66308c6686be | grep -i ipaddr
"SecondaryIPAddresses": null,
"IPAddress": "",
"IPAddress": "",
For more information on docker network refer here.
I've set up a CoreOS host with a public routable /64 IPv6 subnet.
From within the host I have a global IPv6 address which is working fine, but I can't get access to IPv6 hosts from within any docker container.
These are my current settings for my docker daemon:
DOCKER_OPTS=--dns 8.8.8.8 --dns 8.8.4.4 --ipv6 --fixed-cidr-v6='2a03:4000:6:e0d0::/64'
Adding --ip-forward=false or the Google IPv6 DNS servers doesn't help either.
Only if I add --net=host it works so I think I'm missing a fundamental network configuration part.
ifconfig from within an ubuntu:latest docker container shows this:
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:02
inet addr:172.17.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
inet6 addr: 2a03:4000:6:e0d0:0:242:ac11:2/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19 errors:0 dropped:4 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1565 (1.5 KB) TX bytes:676 (676.0 B)
What special configuration do I need to do to get this working?
Here is how I run my docker container -
docker run --name docker-test-server -p 5000:5000 -p 4444:4444
Container OS - Ubuntu 14.04 LTS
Now since I have mapped 4444 of container to that of machine, I try to connect -
root#localhost:/var/repo# nc -vz 127.0.0.1 4444
Connection to 127.0.0.1 4444 port [tcp/*] succeeded!
Now I enter the shell -
docker exec -it docker-test-server /bin/bash
Successfully entering, I try to get the IP address of the machine.
root#ec919687cda8:/# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:09
inet addr:172.17.0.9 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2227 errors:0 dropped:0 overruns:0 frame:0
TX packets:2199 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:166686 (166.6 KB) TX bytes:121473 (121.4 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Now I come out of the container, and try to connect to the container from the machine where the container is running by providing the IP address of container found in ifconfig -
nc -vz 172.17.0.9 4444
nc: connect to 172.17.0.9 port 4444 (tcp) failed: Connection refused
Could someone please explain to me:
why am I unable to connect to the machine?
What can I do to connect to the machine?
I am running a bare container that just installs ubuntu 14.04 and exposes 2 ports. Nothing fancy.
Thanks.
You need to either disable the firewall or add the port to your Ubuntu firewall by using sudo ufw disable or sudo ufw
I was also facing the same issue but instead of connection refused, I got timeout.
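An added example (not code from any of the posts above) for the -p 0.0.0.0:8080:8080 and -p 5000:5000 -p 4444:4444 mappings used in the questions: it audits docker inspect output for published ports bound to every host interface. Docker implements published ports with iptables rules it inserts itself, so a host ufw rule does not necessarily filter them; the JSON below is a constructed sample, and the peteypablo-local container is hypothetical, shown as the loopback-bound contrast.

```python
import ipaddress
import json

# Constructed sample in the shape of `docker inspect <container>` (trimmed).
# peteypablo-local is hypothetical: the same image started with
# -p 127.0.0.1:8080:8080 instead of -p 0.0.0.0:8080:8080.
INSPECT = json.loads("""
[{"Name": "/peteypablo", "NetworkSettings": {"Ports": {
     "8080/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}]}}},
 {"Name": "/docker-test-server", "NetworkSettings": {"Ports": {
     "4444/tcp": [{"HostIp": "0.0.0.0", "HostPort": "4444"},
                  {"HostIp": "::", "HostPort": "4444"}],
     "5000/tcp": [{"HostIp": "0.0.0.0", "HostPort": "5000"}],
     "9000/tcp": null}}},
 {"Name": "/peteypablo-local", "NetworkSettings": {"Ports": {
     "8080/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]}}}]
""")


def exposure(host_ip):
    """Classify the host-side bind address of one published port."""
    if host_ip == "":                  # empty HostIp means "no restriction"
        return "all-interfaces"
    ip = ipaddress.ip_address(host_ip)
    if ip.is_unspecified:              # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback-only"
    return "single-address"


def audit(containers):
    """Return (container, container_port, host_bind, exposure) tuples."""
    findings = []
    for ctr in containers:
        ports = ctr.get("NetworkSettings", {}).get("Ports") or {}
        for container_port, bindings in sorted(ports.items()):
            for b in bindings or []:   # null = exposed but not published
                bind = f'{b["HostIp"]}:{b["HostPort"]}'
                findings.append((ctr["Name"].lstrip("/"), container_port,
                                 bind, exposure(b["HostIp"])))
    return findings


def wildcard_binds(containers):
    """Published ports reachable on every host interface."""
    return [f for f in audit(containers) if f[3] == "all-interfaces"]


if __name__ == "__main__":
    for finding in wildcard_binds(INSPECT):
        print(*finding)
```

A dev server that only needs to be reached from the host itself can be published as -p 127.0.0.1:8080:8080, which this audit reports as loopback-only.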