run docker on overlay network failed - docker

I create an overlay network successfully, but when I create a docker container using this network it fails:
docker run --net my_overlay --name test -it centos6 bash
docker: Error response from daemon: could not add veth pair inside the network sandbox: could not find an appropriate master "ov-000100-00d00" for "vethdee0c9b".
The node's ip address is 10.16.26.118 and the original start daemon command is:
/usr/bin/docker daemon \
--insecure-registry dockerhub.xxx.com \
--cluster-store=etcd://10.16.24.153:2379,10.16.24.152:2379,10.16.25.54:2379 \
--cluster-advertise=10.16.26.118:2379
The output from docker network ls is:
[root#sa-docker-test1.db01:~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
30244c91aa3a bridge bridge local
1bbaecaa70af host host local
00d00c478d12 my_overlay overlay global
a112d2eb8504 net1 calico global
32a81070bb49 none null local

Without using docker-machine, I can't use the overlay network.
So I turned to using the calico network; this is easy to configure and easy to understand.

Related

docker network create command - swarm

Below is the command used to create an overlay network for the swarm cluster instead of using the bridge network driver:
$ docker network create -d overlay xyz
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
9c431bc9fec7 bridge bridge local
88a4c6a29fa4 docker_gwbridge bridge local
10a4bc649237 host host local
o79qllmq86xw ingress overlay swarm
417aca5efd6b none null local
nsteeoxfu9b1 xyz overlay swarm
$
$ docker service create --name service_name --network xyz -p 80:80 --replicas 12 <image>
What exactly is the purpose of the service command's --network xyz option? Is this the network namespace driver?
docker service create --network is described as "Network attachments" (ref. docker service create --help); it attaches a service to an existing docker network, as documented here. You can attach a service to multiple docker networks.

How to create docker overlay network?

My efforts to create an overlay network are in vain.
docker network create --driver overlay new_network
Error response from daemon: This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.
Docker-machine list
docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
dev - virtualbox Stopped Unknown
swarm-manager-1 - virtualbox Running tcp://192.168.99.103:2376 v18.09.5
If I try
docker $(docker-machine config swarm-manager-1) swarm init --advertise-addr $(docker-machine ip swarm-manager-1)
it says
Error response from daemon: This node is already part of a swarm. Use "docker swarm leave" to leave this swarm and join another one.
How to create overlay network?
How to inspect the swarm?
I am on Ubuntu 18.04.
EDIT
This works
docker $(docker-machine config swarm-manager-1) network create --driver overlay new_network
ym9wva4e8ejqji9cn61tf14kv
Anyway, the overlay network is not visible:
docker network ls
NETWORK ID NAME DRIVER SCOPE
ab450fe43ca5 bridge bridge local
14dbdf7dc1d9 chapter11_kong-net bridge local
0a76583939bc dockerapp_default bridge local
b2c31f5e97c7 host host local
569e2a86568b microservices-docker-go-mongodb_default bridge local
68174733413c miki_default bridge local
fbafcb186ac9 none
Why?
Most probably you have different configurations on your machine. You have to run the docker network command in the same context as the docker swarm command from your example:
docker $(docker-machine config swarm-manager-1) network create --driver overlay new_network

How to change the network of a running docker container?

I'm trying to update the network of a running docker container.
Note: I didn't attach any network while running the container.
[root#stagingrbt ~]# docker network connect host cdf8d6e3013d
Error response from daemon: container sharing network namespace with another container or host cannot be connected to any other network
[root#stagingrbt ~]# docker network connect docker_gwbridge cdf8d6e3013d
error during connect: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.39/networks/docker_gwbridge/connect: EOF
[root#stagingrbt ~]# docker network create -d host my-host-network
Error response from daemon: only one instance of "host" network is allowed
[root#stagingrbt ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
495080cf93e3 bridge bridge local
cf0408d6f13f docker_gwbridge bridge local
2c5461835eaf host host local
87e9cohcbogh ingress overlay swarm
84dbd78101e3 none null local
774882ac9b09 sudhirnetwork bridge local
When you start a container, such as:
docker run -d --name alpine1 alpine
It is by default connected to the bridge network, check it with:
docker container inspect alpine1
If you try to connect it to host network with:
docker network connect host alpine1
you obtain an error:
Error response from daemon: container cannot be disconnected from host network or connected to host network
you have to delete the container and run it again on the host network:
docker stop alpine1
docker rm alpine1
docker run -d --network host --name alpine1 alpine
This limitation is not present on bridge networks. You can start a container:
docker run -d --name alpine2 alpine
disconnect it from the bridge network and reconnect it to another bridge network.
docker network disconnect bridge alpine2
docker network create --driver bridge alpine-net
docker network connect alpine-net alpine2
Note also that according to the documentation:
The host networking driver only works on Linux hosts, and is not supported on Docker Desktop for Mac, Docker Desktop for Windows, or Docker EE for Windows Server.
If you want to circumvent the command line and change the network of your docker container via portainer, you can do so. I'm not sure exactly which is the best way of doing this, but the steps below worked for me (changing a container that was running on the bridge network by default into the host network):
In the Container list, click on the container name (emby, in my case)
Stop the container
Click on Duplicate/Edit
Scroll down to Advanced container settings and select the Network tab
Change the Network to host (or whatever you want to set it to)
Click on Deploy the container right above.
Confirm that you want to replace the old container (or deploy it under a new name if you want to be on the safe side and keep the old one).
Done!
Run or connect a container to a specific network: Note first of all, the network must exist already on the host. Either specify the network at container creation/startup time (docker create or docker run) with the --net option; or attach an existing container by using the docker network connect command. For example:
docker network connect my-network my-container
I am not sure if we can change the container network while running, however, assuming that the new docker network already exists, you can run the following commands to update your container network.
Executed on Version: 20.10.21 Community Edition
# docker stop <container-name>
# docker network disconnect <old-network-id> <container-name>
# docker network connect <new-network-id> <container-name>
# docker start <container-name>
Note: you won't be able to switch to the host network from another network.
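The stop/disconnect/connect/start sequence above, as an added shell example that is not code from this thread. It refuses the two cases the thread shows cannot work (a target that does not exist, or the single-instance host/none network) before touching the container, and detaches from every network the container is currently on rather than only the default bridge. Function and variable names are my own.

```shell
#!/bin/sh
# Added example, not from the thread: move an existing container to another
# user-defined network with the stop/disconnect/connect/start sequence from
# the answer, checking first that the switch is one Docker allows.

# can_switch TARGET KNOWN_NETWORKS
#   TARGET         name of the network to move the container to
#   KNOWN_NETWORKS "name driver" lines, i.e. the output of
#                  docker network ls --format '{{.Name}} {{.Driver}}'
# Exit status 0 when the switch is allowed, 1 otherwise. Pure text check,
# so it runs without a Docker daemon.
can_switch() {
  target="$1"
  known="$2"
  # Containers cannot be connected to the host network after creation, and
  # "none" has no endpoints to attach; both must be chosen at docker run time.
  case "$target" in host|none) return 1 ;; esac
  # The target network must already exist on this host.
  printf '%s\n' "$known" | awk -v t="$target" '$1 == t { found = 1 } END { exit !found }'
}

# switch_network CONTAINER TARGET  (needs a running Docker daemon)
switch_network() {
  container="$1"
  target="$2"
  known="$(docker network ls --format '{{.Name}} {{.Driver}}')"
  if ! can_switch "$target" "$known"; then
    echo "refusing: '$target' is host/none or does not exist on this host" >&2
    return 1
  fi
  docker stop "$container"
  # Detach from every network the container is currently on (the map keys of
  # .NetworkSettings.Networks), not just the default bridge.
  for net in $(docker inspect -f '{{range $k, $v := .NetworkSettings.Networks}}{{$k}} {{end}}' "$container"); do
    docker network disconnect "$net" "$container"
  done
  docker network connect "$target" "$container"
  docker start "$container"
}
```

Usage: switch_network <container-name> <new-network-name>; the container's IP changes, so anything that cached the old address has to be pointed at the new one.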

ipvlan L3 docker can't ping host

I was playing with ipvlan_mode=l3 by following the tutorial on the docker GitHub repo:
https://gist.github.com/nerdalert/28168b016112b7c13040#ipvlan-l3-mode-example-usage
After running the commands my host and the docker containers are not able to ping each other.
However, two containers on different subnets using the same parent iface are able to ping each other.
Commands :
docker network create -d ipvlan \
--subnet=192.168.214.0/24 \
--subnet=10.1.214.0/24 \
-o ipvlan_mode=l3 ipnet210
# Test 192.168.214.0/24 connectivity
$ docker run --net=ipnet210 --ip=192.168.214.10 -itd alpine /bin/sh
$ docker run --net=ipnet210 --ip=10.1.214.10 -itd alpine /bin/sh
# Test L3 connectivity from 192.168.214.0/24 to 10.1.214.0/24
$ docker run --net=ipnet210 --ip=192.168.214.9 -it --rm alpine ping -c 2 10.1.214.10
# Test L3 connectivity from 10.1.214.0/24 to 192.168.214.0/24
$ docker run --net=ipnet210 --ip=10.1.214.9 -it --rm alpine ping -c 2 192.168.214.10
Is there anything I'm missing?
Thanks in advance.
You need to set up a static route on the host or upstream router to get a connection between the host and the docker subnet, as mentioned in the documentation at the end of the chapter:
In order to ping the containers from a remote Docker host or the container be able to ping a remote host, the remote host or the physical network in between need to have a route pointing to the host IP address of the container's Docker host eth interface.
For example (referring to the picture), you have to create a route which points all traffic for subnet 172.16.20.0/24 to gateway 192.168.50.10/24.
I found this Q after reading about the ipvlan l3 driver here:
https://docs.docker.com/network/ipvlan/#ipvlan-l3-mode-example
And I see the same behavior on ubuntu 18.04 and ubuntu 20.04, both with:
kernel 5.4.0-96-generic
docker-ce 20.10.12
I assume it's by design that the host can't even see those new networks with ip r.
I would be very interested to hear how external connectivity for containers should work; in the docs (link above) it's not explained, just a simple picture without any details... not helpful at all.

Why I can't ping container by its hostname, from an external machine, while using macvlan?

I am creating a macvlan with this conf:
sudo docker network create -d macvlan \
--subnet=192.168.4.0/24 \
--gateway=192.168.4.1 \
-o macvlan_mode=bridge \
-o parent=eth0 macvlan70
Then I run an alpine image using:
docker run --net=macvlan70 --hostname=thehost --ip=192.168.4.17 -it alpine /bin/sh
At this point I moved to another machine in the LAN (the host can't connect to macvlan containers without a bridge).
I can ping 192.168.4.17 successfully. But ping thehost does not work. In the router admin page the IP 192.168.4.17 is recognized, but without a hostname associated.
As it's said in the docker docs, the user-defined hostname is not available from outside of the container.
Even in host network mode a container has its own UTS namespace by default. As such --hostname is allowed in host network mode and will only change the hostname inside the container.
