what I have done:
[spdocker#codebrag02 ~]$ weave launch
[spdocker#codebrag02 ~]$ weave env
export DOCKER_HOST=unix:///var/run/weave/weave.sock ORIG_DOCKER_HOST=
[spdocker#codebrag02 ~]$ eval $(weave env)
[spdocker#codebrag02 ~]$ weave run -idt --name hostA ubuntu bash
19c1caf5e6ebc6e398ddae58d253b3352847cdb78fdb58d77717450f3b156a0a
[spdocker#codebrag02 ~]$ weave run -idt --name hostB ubuntu bash
c0508959453c2d1af83ea98e7361be004fa75962897536bbb842a25382bae002
[spdocker#codebrag02 ~]$ docker exec -it 19c bash
root#hostA:/# ping hostB
PING hostB.weave.local (10.32.0.3) 56(84) bytes of data.
64 bytes from hostB.weave.local (10.32.0.3): icmp_seq=1 ttl=64 time=0.096 ms
64 bytes from hostB.weave.local (10.32.0.3): icmp_seq=2 ttl=64 time=0.061 ms
64 bytes from hostB.weave.local (10.32.0.3): icmp_seq=3 ttl=64 time=0.075 ms
^C
--- hostB.weave.local ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.061/0.077/0.096/0.016 ms
root#hostA:/# [spdocker#codebrag02 ~]$
[spdocker#codebrag02 ~]$ ping hostA.weave.local
ping: unknown host hostA.weave.local
[spdocker#codebrag02 ~]$ ping hostB.weave.local
ping: unknown host hostB.weave.local
[spdocker#codebrag02 ~]$
I have start weave service, and start 2 docker container, hostA and hostB. HostA ping succeed to hostB, but can I ping hostA.weave.local from the DOCKER HOST ?
I think you are asking for the container hostname to resolve from the outer host. To make this happen, you need to change your host's DNS resolver to point at Weave's DNS resolver. You can see its address with weave dns-args (this is formatted for use in docker run, but it's not too cryptic)
Exactly how to modify your host's DNS resolver depends on the OS of your host.
There are some other nuances that may be important; could you say a bit more about what you are trying to achieve at a higher level?
Related
In my Fedora 32 machine DNS is working better. DNS lookup is working when ping google.com.
PING google.com (172.217.160.174) 56(84) bytes of data.
64 bytes from bom05s12-in-f14.1e100.net (172.217.160.174): icmp_seq=1 ttl=117 time=41.5 ms
64 bytes from bom05s12-in-f14.1e100.net (172.217.160.174): icmp_seq=2 ttl=117 time=47.2 ms
I build following simple docker image using default bridge network. (I need bridge network. My issue is working when i using host network. And DockerImage will have more commands)
FROM tailor/docker-libvips:node-10.9
docker build --tag dinuka/video-file-service-test-sandbox:node-10.9 .
docker run -dit --name video-test-1 dinuka/video-file-service-test-sandbox:node-10.9
I have logged to the container using following command.
docker attach video-test-1
After that i have tried to ping an IP. It is success.
/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=42.5 ms
But it is not working to domain
/# ping google.com
ping: google.com: Temporary failure in name resolution
The container DNS is correct. It is same as my machine name server.
/# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.1
My machine OS is Fedora 32. I have disable selinux and firewalld. I have tried many solutions in stackoverflow. But any can't solve this.
You need to manually add masquerading to the network interface:
ZONE=$(sudo firewall-cmd --get-zone-of-interface=<internet facing interface>)
sudo firewall-cmd --zone=$ZONE --add-masquerade --permanent success
sudo firewall-cmd --reload success
sudo systemctl restart docker
Can't ping or connect to any internet domain from docker container
Manjaro linux
dns set in /etc/docker/daemon.json on host
/etc/resolv.conf in docker container:
root#785625d57ad5:/# cat /etc/resolv.conf
nameserver 8.8.4.4
nameserver 8.8.8.8
ping from docker contaner (ip is google.com)
root#785625d57ad5:/# ping -c 3 172.217.23.142
PING 172.217.23.142 (172.217.23.142) 56(84) bytes of data.
64 bytes from 172.217.23.142: icmp_seq=2 ttl=53 time=51.9 ms
64 bytes from 172.217.23.142: icmp_seq=3 ttl=53 time=51.9 ms
--- 172.217.23.142 ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2018ms
rtt min/avg/max/mdev = 51.973/51.980/51.987/0.007 ms
root#785625d57ad5:/# ping -c 3 google.com
ping: unknown host google.com
I have two containers connected to the default bridge network:
» docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3cc528ddbe7e gitlab/gitlab-runner:latest "/usr/bin/dumb-ini..." 25 minutes ago Up 25 minutes gitlab-runner
3c01073065c7 gitlab/gitlab-ee:latest "/assets/wrapper" About an hour ago Up About an hour (healthy) 0.0.0.0:45022->22/tcp, 0.0.0.0:45080->80/tcp, 0.0.0.0:45443->443/tcp gitlab
I have found the corresponsing IP addresses with docker inspect (any better method of obtaining them?), and I can ping from one container to the other, by IP address:
» docker exec -it gitlab-runner bash
root#3cc528ddbe7e:/# ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.063 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.060 ms
^C
--- 172.17.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.060/0.067/0.079/0.010 ms
But I cannot ping by name:
root#3cc528ddbe7e:/# ping gitlab
ping: unknown host gitlab
Why is this? I thought docker provides DNS by container name.
I have two containers connected to the default bridge network...
I can ping from one container to the other, by IP address...
But I cannot ping by name...
This is the default behavior for the default bridge network.
From: Docker docs
Differences between user-defined bridges and the default bridge
User-defined bridges provide automatic DNS resolution between containers.
Containers on the default bridge network can only access each other by IP addresses, unless you use the --link option, which is considered legacy. On a user-defined bridge network, containers can resolve each other by name or alias.
When I setup a network with docker create network test1 and then start a few containers, for example
docker run -d --net=test1 --name=t1 elasticsearch
docker run -d --net=test1 elasticsearch
docker run -d --net=test1 elasticsearch
I can't broadcast ping any of these containers with docker exec -ti t1 ping 255.255.255.255.
Any idea how I can change this?
This is currently followed in issue 17814
UDP broadcasts don't work in multi-host network between hosts.
UDP broadcasts only work if both containers run on the same host.
Playing with icmp broadcast by pinging on 255.255.255.255, I receive replies only from the local host:
# ping -b 255.255.255.255
WARNING: pinging broadcast address
PING 255.255.255.255 (255.255.255.255) 56(84) bytes of data.
64 bytes from 172.18.0.1: icmp_req=1 ttl=64 time=0.601 ms
64 bytes from 172.18.0.1: icmp_req=2 ttl=64 time=0.424 ms
64 bytes from 172.18.0.1: icmp_req=3 ttl=64 time=0.420 ms
64 bytes from 172.18.0.1: icmp_req=4 ttl=64 time=0.427 ms
(I made sure /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts is set to 0 on both hosts.)
It also seems impossible to set a broadcast address on the interface connected to the shared network:
# ifconfig eth0 broadcast 10.0.0.255
SIOCSIFBRDADDR: Operation not permitted
SIOCSIFFLAGS: Operation not permitted
This ability to multicast in overlay driver is discussed in docker/libnetwork issue 552.
(help wanted)
I have a CentOS 7 host on which I am running Docker. When I do a ping from my host to 8.8.8.8, ping was successful whereas same inside a docker container is not working.
From Host
[root#linux1 ~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=47 time=31.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=47 time=31.6 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 31.592/31.617/31.643/0.179 ms
From Docker Container (I am using basic ubuntu image):
[root#linux1 ~]# docker run ubuntu ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 172.17.0.1 icmp_seq=1 Destination Host Unreachable
From 172.17.0.1 icmp_seq=2 Destination Host Unreachable
From 172.17.0.1 icmp_seq=3 Destination Host Unreachable
From 172.17.0.1 icmp_seq=4 Destination Host Unreachable
^C
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 0 received, +4 errors, 100% packet loss, time 5000ms
pipe 4
Any suggestions would be helpful. Thanks
Restart the Docker daemon on Debian9
service docker restart
and the connections and networks works fine
Recently I faced a similar network issue. The other answers here didn't help: DNS was working fine and restarting Docker wouldn't change a thing. I've found that specifying the network as host solved it.
There are three ways of doing it:
In docker-compose:
By setting network_mode in the yaml file:
services:
worker:
build: .
network_mode: host
In the image building stage for RUN commands:
docker build --network=host
In the execution stage for the application:
docker run --network=host <image>
Try this:
docker run --dns=8.8.8.8 -it ubuntu ping 8.8.8.8
Ref: DOCKER DNS
I figured out the issue. It is not an issue with the DNS but an issue with the network connection itself inside Docker containers. Drilled down the issue is the default IP assigned to docker0 interface, which conflicted with my network address. Forced docker daemon to assign an IP so that it won't conflict and my issue is resolved.
Thanks
I had the same issue when stop and start container separately. I have just rebuild and re up containers.
docker-compose down
docker-compose build
docker-compose up -d
And then problem gone.