I'm using Docker on a Windows 10 laptop. I recently tried to get some code to run in a container to connect to another server on the network. I ended up making an Ubuntu container and found the issue is an IP conflict between the Docker network and the server resource (172.17.1.3).
There appears to be an additional layer of networking on the Windows Docker setup which isn't present on the Unix system, and the Docker comments to "simply use a bridge network" don't resolve this issue.
docker network inspect bridge
[
{
"Name": "bridge",
"Id": "d60dd1169153e8299a7039e798d9c313f860e33af1b604d05566da0396e5db19",
"Created": "2020-02-28T15:24:32.531675705Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
Is it possible to change the subnet/gateway to avoid the IP conflict? If so, how? I tried the simple thing and made a new Docker network:
docker network create --driver=bridge --subnet=172.15.0.0/28 --gateway=172.15.0.1 new_subnet_1
There still appears to be a conflict somewhere: I can reach other devices, just nothing in 172.17.0.0/16. I'm guessing it's somewhere in Hyper-V, the vEthernet adapter, or the vSwitch.
UPDATE 1
I took a look at wireshark (PC level) with the new_subnet_1 network and I did not see these packets leave the vSwitch interface or the PC's NIC.
I did see this Docker forum which is indicating an issue with the Hyper-V and V-switch that could be the issue.
Docker Engine v19.03.5
DockerDesktopVM created by Docker for Windows install
UPDATE 2
After several Hyper-V edits and putting the environment back together, I checked the DockerDesktopVM. After getting in from a privileged container I found that the docker0 network had the IP conflict. docker0 appears to be the same default bridge network that I was avoiding; because it is a pre-defined network it cannot be removed, and all my traffic is being sent to it.
After several offshoots, and breaking my environment at least once, I found that the solution was easier than I had thought.
Turned off Docker Desktop Services
Added the following line to the %userprofile%\.docker\daemon.json file in Windows 10
....lse,
"bip": "172.15.1.6/24" <<new non conflicting range
}
Restarted Docker Desktop Service
Easy solution after chasing options in Hyper-V and the Docker Host Linux VM.
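As an added example (not from the post above), here is a small Python check for the conflict described: it reads the subnet(s) from "docker network inspect bridge" output, reports which hosts you need to reach fall inside them, and picks a replacement "bip" value for daemon.json from a candidate list. The inspect sample and the candidate list are constructed assumptions.

```python
"""Added example: detect a Docker bridge/host IP conflict and propose a
replacement "bip" for daemon.json. Sample inspect output is constructed."""
import ipaddress
import json

# Constructed sample in the shape 'docker network inspect bridge' prints.
INSPECT_OUTPUT = json.dumps([{
    "Name": "bridge",
    "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
}])

def bridge_subnets(inspect_json):
    """Extract every IPAM subnet from 'docker network inspect' JSON."""
    nets = []
    for net in json.loads(inspect_json):
        for cfg in net.get("IPAM", {}).get("Config", []):
            nets.append(ipaddress.ip_network(cfg["Subnet"]))
    return nets

def conflicts(subnets, resources):
    """Return (subnet, host) pairs where a host you need to reach lies inside
    a Docker subnet, so the host route sends that traffic into the bridge."""
    out = []
    for net in subnets:
        for host in resources:
            if ipaddress.ip_address(host) in net:
                out.append((str(net), host))
    return out

def propose_bip(resources, candidates=("172.15.1.6/24", "172.30.0.1/24", "10.250.0.1/24")):
    """Pick the first candidate whose network is RFC 1918 private and holds
    none of the resources. "bip" is an interface address (addr/prefix): the
    address becomes docker0's IP and the prefix sets the bridge subnet."""
    for cand in candidates:
        iface = ipaddress.ip_interface(cand)
        if not iface.network.is_private:
            continue  # e.g. 172.15.0.0/16 is public space, skip it
        if not any(ipaddress.ip_address(h) in iface.network for h in resources):
            return cand
    return None

if __name__ == "__main__":
    needed = ["172.17.1.3"]  # the server from the post
    print("conflicts:", conflicts(bridge_subnets(INSPECT_OUTPUT), needed))
    print(json.dumps({"bip": propose_bip(needed)}, indent=2))
```

The poster's 172.15.1.6/24 is skipped here because 172.15.0.0/16 is not RFC 1918 space and could shadow real Internet addresses; the candidate list is an assumption, so substitute ranges that are free in your own environment.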
Related
I am trying to run multiple Docker daemons configured to run containers with Hyper-V isolation and LCOW on the same Windows 10 machine.
I was able to configure the daemons to manage their own data files, but I am still struggling to get the network configuration clean.
When the first daemon starts, it binds to the local "nat" network for DNS resolution. When the second daemon starts, it tries to bind to the same "nat" network and then fails, as port 53 is already being used by the first daemon.
ERRO[2019-02-15T15:50:58.194988300Z] Resolver Setup/Start failed for container nat, "error in opening name server socket listen udp 172.18.64.1:53: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted."
Containers started by this daemon then cannot perform any name resolution. Access through IP still works properly.
Here is the dockerd configuration I am currently using:
{
"registry-mirrors": [],
"insecure-registries": [],
"bridge": "mydaemon1",
"data-root": "C:\\Users\\myuser\\Desktop\\Docker\\Docker",
"deprecated-key-path": "C:\\Users\\myuser\\Desktop\\Docker\\Docker\\config\\key.json",
"debug": true,
"exec-root": "C:\\Users\\myuser\\Desktop\\Docker\\Docker\\exec-root",
"exec-opts": [
"isolation=hyperv"
],
"experimental": true,
"group": "mydaemon-docker",
"hosts": [
"npipe:////./pipe/mydaemon1_engine"
],
"pidfile": "C:\\Users\\myuser\\Desktop\\Docker\\Docker\\docker.pid",
"storage-opts": [
"lcow.kirdpath=C:\\Users\\myuser\\Desktop\\Docker\\server\\resources",
"lcow.kernel=lcow-kernel",
"lcow.initrd=lcow-initrd.img"
]
}
I tried to tweak the bridge configuration, but it didn't change anything. Daemon always tries to connect to nat network. It looks like the only supported value is none, which removes the default eth0 in the containers and any DNS support.
Is it possible to configure the network used for DNS resolution, i.e. nat here?
Ideally I want the daemon to have its own, dedicated, nat network.
I know it is not possible to do it in Docker for Windows while using the MobyVM as WinNAT, which is used in that case, does not support it.
While using Hyper-V isolation and LCOW, it seems WinNAT is not used anymore, as Get-NetNat does not return any NAT network configuration despite DNS working properly. I am not sure I am right about any of this, whether it is possible, or whether any other Windows limitation applies...
I am working on launching Consul containers on docker with Marathon and I've run into a somewhat subjective issue regarding creating the JSON files.
Currently I plan to launch containers with JSON files of this format
server-1.json
{
"id": "consul-server-2",
"cmd": "consul agent -server -client=0.0.0.0 -ui -bind=100.10.30.40 -retry-join=server-1.local -data-dir=/tmp/consul",
"cpus": 1,
"mem": 512.0,
"instances": 1,
"container": {
"type": "DOCKER",
"docker": {
"image": "consul:latest",
"name": "dev-consul",
"network": "HOST"
}
},
"constraints": [
[
"hostname",
"CLUSTER",
"server-1.local"
]
]
}
I need to be able to change the -bind address for each JSON file and I was planning on using heredocs with Bash, but I am not sure if there are better practices as far as ease of maintainability for creating these types of files.
Ideally I would have liked to have a field in Consul or Marathon which could automatically give me the IP address of a specific port to feed to -bind but because I have multiple private IPs it seems I need to configure it manually.
It sounds like you have a configuration management issue.
If I understand you correctly you have a number of servers in an internal network where each has an internal IP address and you now want to generate the right service files for each server.
Typically you would use a configuration management system like e.g. Ansible, Chef or Puppet to solve this.
Personally I can recommend Ansible since it is easy to get started with and low overhead.
To solve your problem you would then first create an inventory file with the IP addresses of your servers and then create a Jinja2 template for your service files.
You can then use the correct IP address for each server in that template and finally deploy all the files with Ansible.
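As an added example (not part of either answer or the question), here is the templating step done in Python rather than a Bash heredoc: an inventory of hostname to private IP is rendered into one Marathon app definition per server, with json.dumps guaranteeing valid JSON however the "cmd" string is quoted. The inventory, output directory and file names are constructed assumptions.

```python
"""Added example: render one Marathon app JSON per Consul server from a
small inventory. Inventory and paths are constructed sample data."""
import copy
import json
from pathlib import Path

# Constructed inventory: hostname -> private IP Consul should -bind to.
INVENTORY = {
    "server-1.local": "100.10.30.40",
    "server-2.local": "100.10.30.41",
    "server-3.local": "100.10.30.42",
}
RETRY_JOIN = "server-1.local"  # assumed first server everyone joins

BASE_APP = {
    "id": "consul-server",
    "cmd": "",
    "cpus": 1,
    "mem": 512.0,
    "instances": 1,
    "container": {"type": "DOCKER",
                  "docker": {"image": "consul:latest", "name": "dev-consul",
                             "network": "HOST"}},
    "constraints": [],
}

def render_app(index, hostname, bind_ip):
    """Build the app definition for one server; the constraint pins the
    task to that host so -bind matches the host's own private IP."""
    app = copy.deepcopy(BASE_APP)
    app["id"] = f"consul-server-{index}"
    app["cmd"] = (f"consul agent -server -client=0.0.0.0 -ui -bind={bind_ip} "
                  f"-retry-join={RETRY_JOIN} -data-dir=/tmp/consul")
    app["constraints"] = [["hostname", "CLUSTER", hostname]]
    return app

def render_all(inventory):
    """Return {filename: app_dict} for every server in the inventory."""
    return {f"server-{i}.json": render_app(i, host, ip)
            for i, (host, ip) in enumerate(inventory.items(), start=1)}

def write_all(inventory, out_dir):
    """Write each rendered app as pretty-printed JSON; return the file names."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    for name, app in render_all(inventory).items():
        (out / name).write_text(json.dumps(app, indent=2) + "\n")
    return sorted(p.name for p in out.iterdir())

if __name__ == "__main__":
    print(write_all(INVENTORY, "marathon-apps"))
```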
Look at consul 0.7.2 or newer. There is a soon-to-be documented feature in Consul that allows for runtime configuration of IP addresses. I wouldn't recommend running Consul in a container unless running net=host, but using the configuration snippet above:
{
"id": "consul-server-2",
"cmd": "consul agent -server -client='{{ GetPrivateIP }}' -ui -bind=100.10.30.40 -retry-join=server-1.local -data-dir=/tmp/consul",
"cpus": 1,
"mem": 512.0,
"instances": 1,
"container": {
"type": "DOCKER",
"docker": {
"image": "consul:latest",
"name": "dev-consul",
"network": "HOST"
}
},
"constraints": [
[
"hostname",
"CLUSTER",
"server-1.local"
]
]
}
Other options for what address to use can be explored based on the hashicorp/go-sockaddr package.
I have an EC2 instance running which is linked with an Elastic IP.
When I ping it from my local machine it shows "request timed out", because of which I am not able to connect to it via PuTTY and WinSCP.
I have been facing this issue for the last 2 days.
It was working well for the last 2 months.
Please help.
My instance is running and healthy.
If you want to ping an EC2 instance from your local machine you need to allow inbound Internet Control Message Protocol (ICMP) traffic. Please check your Security Groups to make sure this is allowed. Remember that all inbound traffic is disabled by default. You may need to establish a rule similar to this one (JSON format):
"AllowIngressICMP": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": <Your Security Group here>,
"IpProtocol": "icmp",
"FromPort": "-1",
"ToPort": "-1",
"CidrIp": "0.0.0.0/0"
}
}
** The -1 means "every port"
When I installed Docker on Mac, it took an IP from my intranet network.
Thereafter, when I switched to a different network it showed me this error:
$ bash --login '/Applications/Docker/Docker Quickstart Terminal.app/Contents/Resources/Scripts/start.sh'
Starting "default"...
(default) Waiting for an IP...
Too many retries waiting for SSH to be available. Last error: Maximum number of retries (60) exceeded
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): Regenerating TLS certificates
Detecting the provisioner...
Error getting SSH command: Something went wrong running an SSH command!
command : cat /etc/os-release
err : exit status 255
output :
Error checking TLS connection: Something went wrong running an SSH command!
command : ip addr show dev eth1
err : exit status 255
output :
Error getting IP address: Something went wrong running an SSH command!
command : ip addr show dev eth1
err : exit status 255
output :
docker is configured to use the default machine with IP
For help getting started, check out the docs at https://docs.docker.com
I understood that it was something related to the gateway that got configured in 'default'.
I ran
docker-machine rm default (this deleted all my previously downloaded images)
docker-machine create --driver virtualbox default
Went offline and relaunched docker-machine
The default got built. After that I went online and tried to download an image.
But I was getting connection errors.
$ docker run -t -i --name myFirstContainer ubuntu:14.04 /bin/bash
Unable to find image 'ubuntu:14.04' locally
Pulling repository docker.io/library/ubuntu
Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/ubuntu/images. You may want to check your internet connection or if you are behind a proxy.
I think it's because when I was offline, no interface was assigned to 'default'.
$ docker network inspect bridge
[
{
"Name": "bridge",
"Id": "df562e1cae477be7d2dc09a30ee21b0871a2202731506d3f6db3df9c1abb4cad",
"Scope": "local",
"Driver": "bridge",
"IPAM": {
"Driver": "default",
"Config": [
{
"Subnet": "172.17.0.0/16"
}
]
},
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
}
}
]
State when I reconnected to a network and rebuilt 'default':
$ docker-machine create --driver virtualbox default
Running pre-create checks...
(default) Default Boot2Docker ISO is out-of-date, downloading the latest release...
(default) Latest release for github.com/boot2docker/boot2docker is v1.10.0
(default) Downloading /Users/tt/.docker/machine/cache/boot2docker.iso from https://github.com/boot2docker/boot2docker/releases/download/v1.10.0/boot2docker.iso...
(default) 0%....10%....20%....30%....40%....50%....60%....70%....80%....90%....100%
Creating machine...
(default) Copying /Users/tt/.docker/machine/cache/boot2docker.iso to /Users/tt/.docker/machine/machines/default/boot2docker.iso...
(default) Creating VirtualBox VM...
(default) Creating SSH key...
(default) Starting the VM...
(default) Waiting for an IP...
Waiting for machine to be running, this may take a few minutes...
Machine is running, waiting for SSH to be available...
Detecting operating system of created instance...
Detecting the provisioner...
Provisioning with boot2docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
This machine has been allocated an IP address, but Docker Machine could not
reach it successfully.
SSH for the machine should still work, but connecting to exposed ports, such as
the Docker daemon port (usually <ip>:2376), may not work properly.
You may need to add the route manually, or use another related workaround.
This could be due to a VPN, proxy, or host file configuration issue.
You also might want to clear any VirtualBox host only interfaces you are not using.
Checking connection to Docker...
Docker is up and running!
To see how to connect Docker to this machine, run: docker-machine env default
$ docker network inspect bridge
[
{
"Name": "bridge",
"Id": "307267097a1845e6ac7b2a6a67bf800b8cda05f036c649a92af59a44689a55ab",
"Scope": "local",
"Driver": "bridge",
"IPAM": {
"Driver": "default",
"Config": [
{
"Subnet": "172.17.0.0/16"
}
]
},
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
}
}
]
$ docker run -t -i --name myFirstContainer ubuntu:14.04 /bin/bash
Unable to find image 'ubuntu:14.04' locally
14.04: Pulling from library/ubuntu
8387d9ff0016: Pull complete
3b52deaaf0ed: Pull complete
4bd501fad6de: Pull complete
a3ed95caeb02: Pull complete
Digest: sha256:0844055d30c0cad5ac58097597a94640b0102f47d6fa972c94b7c129d87a44b7
Status: Downloaded newer image for ubuntu:14.04
Is there any way I can seamlessly run Docker even when I am switching networks or when I am offline?
I have a VMware image running CentOS. I want to create a Vagrant box from it with Packer. I am new to Vagrant; can anyone suggest the steps?
Using Packer to apply additional provisioning steps to an existing VM is supported via the vmware-vmx builder:
This VMware Packer builder is able to create VMware virtual machines from an existing VMware virtual machine (a VMX file). It currently supports building virtual machines on hosts running VMware Fusion Professional for OS X, VMware Workstation for Linux and Windows, and VMware Player on Linux.
In your situation, where you have an existing CentOS VMX and want to turn it into a Vagrant box, you would create a packer.json configuration file like so:
{
"builders": [{
"type": "vmware-vmx",
"source_path": "/path/to/a/vm.vmx",
"ssh_username": "root",
"ssh_password": "root",
"ssh_wait_timeout": "30s",
"shutdown_command": "echo 'packer' | sudo -S shutdown -P now"
}],
"provisioners": [{
"type": "shell",
"inline": ["echo 'my additional provisioning steps'"]
}],
"post-processors": [{
"type": "vagrant",
"keep_input_artifact": true,
"output": "mycentos.box"
}]
}
Packer would clone the source VMX, boot the box, apply any provisioning steps you had, shut down the box, and then output a new Vagrant ".box" file.
It sounds like you won't be able to.
Packer assumes a base box (for vagrant) and ends at a new box. You can't go from a running VM to a box via Packer.
If you started the CentOS VM using vagrant, you can do vagrant export
If you have a running VM you made manually, your best bet is to start over using a Vagrant box. If you want to continue with this route: http://docs.vagrantup.com/v2/vmware/boxes.html