Develop Reference

Packer.io - dial tcp 172.X.X.X:22: connect: no route to host

I'm using vsphere-clone as the builder and ansible-playbook as the provisioner to build my machine.
In one of my ansible tasks, I'm rebooting the machine (after installing some packages and changing network interfaces names), but sometimes my VM is getting a different IP address from DHCP and the ansible playbook cannot continue to the rest of the tasks. I tried the ansible.builtin.setup:
- name: do facts module to get latest information
setup:
But it's not refreshing the IP. Also tried reboot with shell provisioner instead:
{
"type": "shell",
"inline": ["echo {{user `ssh_password`}} | sudo -S reboot"],
"expect_disconnect": true,
"inline_shebang": "/bin/bash -x"
}
But the next provisioners also uses the old IP. Is there a way with Packer, to refresh the IP?

Docker on Windows 10 networking issue

I'm using Docker on a Window 10 laptop. I recently tried to get some code to run in a container to connect to another server on the network. I ended up making a Ubuntu container and found the issue is a IP conflict between the docker network and the server resource (172.17.1.3).
There appears to be an additional layer of networking on the Windows Docker setup with isn't present on the Unix system, and the docker comments to "simply using a bridge network" doesn't resolve this issue.
docker network inspect bridge
[
{
"Name": "bridge",
"Id": "d60dd1169153e8299a7039e798d9c313f860e33af1b604d05566da0396e5db19",
"Created": "2020-02-28T15:24:32.531675705Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
Is it possible to change the subnet/gateway to avoid the IP conflict? If so how? I tried the simple thing and making a new docker network:
docker network create --driver=bridge --subnet=172.15.0.0/28 --gateway=172.15.0.1 new_subnet_1
There still appears to have a conflict somewhere, I can reach other devices just nothing in 172.17.0.0/16. I assume guessing it's somewhere in the HyperV, vEthernet adapter, or vswitch.
UPDATE 1
I took a look at wireshark (PC level) with the new_subnet_1 network and I did not see these packets leave the vSwitch interface or the PC's NIC.
I did see this Docker forum which is indicating an issue with the Hyper-V and V-switch that could be the issue.
Docker Engine v19.03.5
DockerDesktopVM created by Docker for Windows install
UPDATE 2
After several Hyper-v edits and putting the environment back together I check the DockerDesktopVm. After getting in from a privileged container I found that the docker0 network had the IP conflict. Docker0 is appears to be the same default bridge network that I was avoiding, because it is a pre-defined network it cannot be removed, and all my traffic is being sent to it.

After several offshoots, and breaking my environment at least once, I found that the solution was easier then I had though.
Tuned off Docker Desktop Services
Added the following line to the %userprofile%\.docker\deamon.json file in windows 10
....lse,
"bip": "172.15.1.6/24" <<new non conflicting range
}
Restarted Docker Desktop Service
Easy solution after chasing options in Hyper-V and the Docker Host Linux VM.

Docker xDebug not connecting to VSCode

I'm trying to set up php debugging with VSCode and xDebug, but xDebug can't connect to the host. Thus, VSCode doesn't hit any breakpoints either.
When I start the debug listener in VSCode, run a Bash shell in the php-fpm container and try to connect to the host, it fails:
$ docker-compose exec php-fpm bash
root#178ba0224b37:/application# nc -zv 172.20.0.1 9001
172.20.0.1: inverse host lookup failed: Unknown host
(UNKNOWN) [172.20.0.1] 9001 (?) : Connection refused
I'm confused about the IP addresses, because in the Docker settings the Virtual Switch subnet is set to 10.0.75.0, and the network adapter vEthernet (DockerNAT) uses the IP 10.0.75.1. How do the containers get the IP range 172.20.0.x?
From my desktop I am unable to request the webpage using 172.20.0.1.
It works fine with 10.0.75.1, which shows the phpinfo() as expected, but the breakpoint is not triggered.
phpinfo() shows xDebug is configured and the settings match what I have in the php-ini-overrides.ini config.
I've disabled the firewall, tried different IP's, and checked the port and various xDebug, php, docker-compose, and VSCode debug settings.
I've been searching far and wide, but I guess I'm still missing something. My guess is that it has to do with the network connection, but I don't know what else I can change to fix this issue.
Setup
Host is Windows 10 with docker-compose and VSCode.
I got the docker debug-test directory from https://phpdocker.io/generator
Basically it uses two docker containers: nginx:alpine and phpdocker/php-fpm
My VSCode workspace looks like this:
(The readme files come from the phpdocker.io generator and contain some basic Docker info)
index.php contents:
<?php
phpinfo(); // <-- VSCode breakpoint here
echo 'hello there';
?>
The IP addresses for the containers:
/debug-test-php-fpm - 172.20.0.3
/debug-test-webserver - 172.20.0.2
$_SERVER['REMOTE_ADDR']: 172.20.0.1 <- the host?
Configs and logs
launch.json contents:
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"name": "Listen for XDebug",
"type": "php",
"request": "launch",
"pathMappings": {
"/application/public": "${workspaceRoot}/public"
},
"log": true,
"port": 9001,
"xdebugSettings": {
"max_data": 65535,
"show_hidden": 1,
"max_children": 100,
"max_depth": 5
}
},
{
"name": "Launch currently open script",
"type": "php",
"request": "launch",
"program": "${file}",
"cwd": "${fileDirname}",
"port": 9001
}
]
}
docker-compose.yml contents:
###############################################################################
# Generated on phpdocker.io #
###############################################################################
version: "3.1"
services:
webserver:
image: nginx:alpine
container_name: debug-test-webserver
working_dir: /application
volumes:
- .:/application
- ./phpdocker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
ports:
- "8000:80"
php-fpm:
build: phpdocker/php-fpm
container_name: debug-test-php-fpm
working_dir: /application
volumes:
- .:/application
- ./phpdocker/php-fpm/php-ini-overrides.ini:/etc/php/7.2/fpm/conf.d/99-overrides.ini
php-ini-overrides.ini contents:
upload_max_filesize = 100M
post_max_size = 108M
# added for debugging with Docker and VSCode
xdebug.remote_enable=1
xdebug.remote_connect_back=On
xdebug.remote_autostart=1
# xdebug.remote_host=172.20.0.1 # using remote_connect_back instead, which should work for any IP
xdebug.remote_connect_back=1
xdebug.remote_port=9001
xdebug.profiler_enable=0
xdebug.var_display_max_depth = 5
xdebug.var_display_max_children = 256
xdebug.var_display_max_data = 1024
xdebug.remote_log = /application/xdebug.log
xdebug.idekey = VSCODE
xdebug.log contents after one visit to the page:
Log opened at 2019-01-30 12:37:39
I: Checking remote connect back address.
I: Checking header 'HTTP_X_FORWARDED_FOR'.
I: Checking header 'REMOTE_ADDR'.
I: Remote address found, connecting to 172.20.0.1:9001.
W: Creating socket for '172.20.0.1:9001', poll success, but error: Operation now in progress (29).
E: Could not connect to client. :-(
Log closed at 2019-01-30 12:37:39
Log opened at 2019-01-30 12:37:39
I: Checking remote connect back address.
I: Checking header 'HTTP_X_FORWARDED_FOR'.
I: Checking header 'REMOTE_ADDR'.
I: Remote address found, connecting to 172.20.0.1:9001.
W: Creating socket for '172.20.0.1:9001', poll success, but error: Operation now in progress (29).
E: Could not connect to client. :-(
Log closed at 2019-01-30 12:37:39
This is no paste error, it actually logs the request two times for some reason.
Debug console in VSCode after starting the debug listener:
<- launchResponse
Response {
seq: 0,
type: 'response',
request_seq: 2,
command: 'launch',
success: true }
Any thoughts? I'm lost..
Perhaps it has to do with the DockerNAT setup?
Sorry for the long post. I'm still new to Docker, I hope this has all the info needed.
Edit: solved
See my answer below.

After some coding I stumbled upon the solution.
The IP address in the php debug settings was incorrect. Since my system has VPN connections, multiple ethernet adapters, multiple virtual switches, and multiple virtual machines, it's a bit tricky to find out what's used where.
I discovered the IP by accident when I ran netstat on the php container during a request:
$ docker-compose ps --services
php
app
$ docker-compose exec php sh
/var/www/html # netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 08674b3fd785:58060 192.168.137.12:http TIME_WAIT
tcp 0 0 08674b3fd785:58062 192.168.137.12:http TIME_WAIT
[...]
udp 0 0 08874b3cd785:35298 192.168.65.1:domain ESTABLISHED
I tried the 192.168.65.1 IP first, but that didn't work.
The 192.168.137.12 is the IP of a Hyper-V Virtual Machine that the php script connects to. Apparently the php container can connect to that, so maybe then it could also connect to the Windows adapter that's bound to that virtual switch, in other words: 192.168.137.1 .
Adding this to the xDebug settings solved the problem:
xdebug.remote_host = 192.168.137.1.

How could I ping my docker container from my host

I have created a ubuntu docker container on my mac
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5d993a622d23 ubuntu "/bin/bash" 42 minutes ago Up 42 minutes 0.0.0.0:123->123/tcp kickass_ptolemy
I set port as 123.
My container IP is 172.17.0.2
docker inspect 5d993a622d23 | grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
On my Mac I try to ping my container,
Ping 172.17.0.2, I got Request timeout for icmp_seq 0....
What should I do? So my local machine can ping the container I installed. Did I missing some app installation on my container, which is a plain ubuntu system?

You can't ping or access a container interface directly with Docker for Mac.
The current best solution is to connect to your containers from
another container. At present there is no way we can provide routing
to these containers due to issues with OSX that Apple have not yet
resolved. we are tracking this requirement, but we cannot do anything
about it at present.
Docker Toolbox/VirtualBox
When running Docker Toolbox, Docker Machine via VirtualBox or any VirtualBox VM (like a Vagrant definition) you can setup a "Host-Only Network" and access the Docker VMs network via that.
If you are using the default boot2docker VM, don't change the existing interface as you will stop a whole lot of Docker utilities from working, add a new interface.
You will also need to setup routing from your Mac to the container networks via your VM's new IP address. In my case the Docker network range is 172.22.0.0/16 and the Host Only adapter IP on the VM is 192.168.99.100.
sudo route add 172.22.0.0/16 192.168.99.100
Adding a permanent route to osx is bit more complex
Then you can get to containers from your Mac
machost:~ ping -c 1 172.22.0.2
PING 172.22.0.2 (172.22.0.2): 56 data bytes
64 bytes from 172.22.0.2: icmp_seq=0 ttl=63 time=0.364 ms
--- 172.22.0.2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.364/0.364/0.364/0.000 ms
Vagrant + Ansible setup
Here's my running config...
Vagrant.configure("2") do |config|
config.vm.box = "debian/contrib-buster64"
config.vm.hostname = "docker"
config.vm.network "private_network", ip: "10.7.7.7", hostname: true
config.vm.provider "virtualbox" do |vb|
vb.gui = false
vb.memory = "4000"
vb.cpus = "4"
end
config.vm.provision "ansible" do |ansible|
ansible.verbose = "v"
ansible.playbook = "tasks.yaml"
end
end
The ansible tasks.yaml to configure a fixed network.
- hosts: all
become: yes
vars:
ansible_python_interpreter: auto_silent
docker_config:
bip: 10.7.2.1/23
host: ["tcp://10.7.7.7:2375"]
userland-proxy: false
tasks:
- ansible.builtin.apt:
update_cache: yes
force_apt_get: yes
pkg:
- bridge-utils
- docker.io
- python3-docker
- python-docker
- iptables-persistent
- ansible.builtin.hostname:
name: docker
- ansible.builtin.copy:
content: "{{ docker_config | to_json }}"
dest: /etc/docker/daemon.json
- ansible.builtin.lineinfile:
line: 'DOCKER_OPTS="{% for host in docker_config.host %} -H {{ host }} {% endfor %}"'
regexp: '^DOCKER_OPTS='
path: /etc/default/docker
- ansible.builtin.systemd:
name: docker.service
state: restarted
- ansible.builtin.iptables:
action: insert
chain: DOCKER-USER
destination: 10.7.2.0/23
in_interface: eth1
out_interface: docker0
jump: ACCEPT
- ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4
Add the route for the docker bridge network via the VM to the mac
$ sudo /sbin/route -n -v add -net 10.7.2.0/23 10.7.7.7
Then set DOCKER_HOST=10.7.7.7 in the environment to use the new VM.
$ export DOCKER_HOST=10.7.7.7
$ docker run --name route_test --rm -d node:14-slim node -e "require('http').createServer((req, res) => {
res.writeHead(200, {'Content-Type':'text/plain'})
res.end('hello')
}).listen(3000)"
$ docker container inspect route_test -f '{{ .NetworkSettings.Networks.bridge.IPAddress }}'
$ curl http://10.7.2.3:3000
hello
$ docker rm -f route_test
You don't get volumes mapped from the host to the vm, but as a bonus it uses a lot less cpu than the Docker 2.5.x release.

As an alternative, if your container has a bash shell incorporated, you can access it through
docker exec -it <CONTAINER ID> bash
and then you can ping your virtual ip

It works in this scenario:
Windows host
Linux VM installed on Windows host
Docker container installed on Linux VM host
Now you have to note this. Containers are in a isolated network but connected to the internet throught your Docker container host adapter.So you have to tell kernel linux to be available in your network then in your Linux VM:
# sysctl net.ipv4.conf.all.forwarding=1
# sudo iptables -P FORWARD ACCEPT
Now in you Windows host you have to add a route for our container network:
route add "Docker container network" "Linux VM IP" for example
# route add 172.17.0.0/16 192.168.1.20

setup:
PC-A a is docker host, PC-B is a another PC in the network. To ping/access docker's container from PC-B, run the below iptables-rules in the host.
iptables -A FORWARD -i docker0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o docker0 -j ACCEPT
note: eth0 is host's interface and docker0 is docker's virtual default bridge.
Now add route in PC-B
route add -net <dockerip> netmask <net mask> gw <docker's host>
ping/access container services directly.

Let's say you have W-> windows machine, L-Linux Vbox VM (eth0,eth1) and docker app (using port 8989) running on this L-Linux Vbox VM. Provider does not have to Vbox anyway or W-> a win.You want to type http://app:8989 on your browser.There are two methods afak; easy way to run vagrant automatically or manually configure Vbox VM with port forwarding through "Host-only Adapter" which is actually eth1; normally eth0 is Vbox's default reserved 10.0.2.15 IP assignment.Or on command prompt on win/lin/mac through "VBoxManage" command you can set up networks or automate through scripts.
webtier.vm.network "forwarded_port", guest: 8989, host: 8989
run docker app
sudo docker run -p 8989:8989 ...
on windows explorer(W-> windows machine) browse your app
http://app:8989
You still can not ping "172.17.0.2" which is docker container IP in this situation from W-> windows machine.This could run cross-platform win/lin/mac.You might want to look into Vbox Manual and Vagrant Manual, particularly networks.

It is possible to run the containers of interest in one and the same network with an additional container with OpenVPN server, so that you can see containers over VPN connection from the host:
Use docker network create --subnet=172.19.0.0/24 my-net to create a network where containers will see each other.
Attach containers to it using --net my-net parameter for docker run.
Run an additional container with OpenVPN in the same network. This time you need a port mapping for VPN connection -p 1194:1194/udp.
Use OpenVPN client on the host to connect to this network with containers to ping them.
Also, you may need to comment out redirect-gateway instruction in OpenVPN client config file and add push "route 172.19.0.0 255.255.255.0" to (and remove other pushes from) the server config file.

Hashicorp Packer won't execute packer-provisioner-shell on Windows host

This is my 1st question. I attempted to follow all of the guidelines.
I am attempting to use Packer to create a Vagrant image of Debian 8. If I run a packer build with only the "builders" template it will execute successfully and a Virtualbox image will be produced. When I attempted to add the "provisioners" and/or "post-processers" templates, I started to error. The error occurs within about 10 seconds. It won't run the builder. The error message is:
ui error: Failed to initialize build 'virtualbox-iso': error initializing provisioner 'shell': dial tcp 127.0.0.1:10000: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
I have been working on this for a few days now. I have:
search Google for the error text
read through some of the Packer source (thought I am not familiar with Go)
reinstalled Packer with a fresh download from Packer.io
ensured the files are unblocked
executed as my default user and administrator
used Git Bash instead of cmd.exe
executed from Powershell
Used the atlas-packer-vagrant-tutorial as provided by Atlas. It will build on Atlas, but not locally.
My Packer template file:
{
"provisioners": [{
"type": "shell",
"scripts": [
"scripts/vagrant.sh"
],
"override": {
"virtualbox-iso": {
"execute_command": "echo 'vagrant' | sudo -S bash '{{.Path}}'"
}
}
}],
"builders": [{
"type": "virtualbox-iso",
"guest_os_type": "Debian_64",
"iso_url": "http://cdimage.debian.org/debian-cd/8.2.0/amd64/iso-cd/debian-8.2.0-amd64-CD-1.iso",
"iso_checksum": "234bd43d85974299d501f370ac3e7592b98832d98f82be3aff190ff3af831f8cd7574a75f4c9b36c347f138e82ccb40ff3746a4c94e7d59e4ee711e0c96dbf1d",
"iso_checksum_type": "sha512",
"ssh_username": "vagrant",
"ssh_password": "vagrant",
"ssh_wait_timeout": "120m",
"shutdown_command": "echo 'vagrant' | sudo -S shutdown -h now",
"disk_size": "20480",
"http_directory": "http",
"boot_command": [
"<esc><wait>",
"auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg ",
"<enter>"
],
"vboxmanage": [
["modifyvm", "{{.Name}}", "--memory", "4096"],
["modifyvm", "{{.Name}}", "--cpus", "2"]
]
}],
"post-processors": ["vagrant"]
}
I don't have enough reputation to add additional links. The TCP View output:
packer-provisioner-shell.exe 3940 TCP 127.0.0.1 10000 0.0.0.0 0 LISTENING
packer-builder-virtualbox-iso.exe 11284 TCP 127.0.0.1 10000 127.0.0.1 49568 ESTABLISHED
packer.exe 12180 TCP 127.0.0.1 49568 127.0.0.1 10000 ESTABLISHED
packer.exe 12180 TCP 127.0.0.1 49571 127.0.0.1 10000 SYN_SENT
System Info:
Windows 7 Pro SP1 (64-bit)
Packer 0.8.6
My full code is on Github repo
My full error log in in this Gist
Thanks for any help you can provide.

I have a little similary problem with packer on windows host but me I can build correctly (provisionning error in vagrant all the same).
But you can use or compare an another project packer which run correctly for me with your project. Perhaps find a way to resolve or understand other concept can help you : packer ubuntu project

As Gregory Nisbet pointed out, this is a firewall issue. I stopped all McAfee services and I was able to proceed.