This issue happens when you install the latest Docker for Windows, which uses Hyper-V.
However, you can see the IPs in the docker network inspect bridge output:
"Containers": {
"...": {
"Name": "dockerdevenvironment_rabbit_1",
"EndpointID": "...",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
},
"...": {
"Name": "webserver",
"EndpointID": "...",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"...": {
"Name": "dockerdevenvironment_mongo_1",
"EndpointID": "...",
"MacAddress": "02:42:ac:11:00:05",
"IPv4Address": "172.17.0.5/16",
"IPv6Address": ""
}
You can't even ping them or connect to them in any way.
By default dockerNAT assigns 10.0.75.0/24 to MobyLinuxVM.
Docker inside MobyLinuxVM assigns containers IP addresses in the range 172.17.0.0/16. You have to alter the route table to access the containers' IP addresses:
route add 172.17.0.0 MASK 255.255.0.0 10.0.75.2 -p
source: https://forums.docker.com/t/connecting-to-containers-ip-address/18817
I created 3 Ubuntu 20.04 VMs in Proxmox VE 7 for the Docker swarm. I tried to follow the site https://documentation.portainer.io/v2.0/deploy/ceinstallswarm/ to set up Portainer on my swarm. However, I can't browse to any IP address of the Ubuntu VMs to access the Portainer site to set up the Docker container.
Something is going wrong with the overlay network on my swarm. It looks like the ingress is not enabled. Please see the network inspect output below for portainer_agent_network.
I also found that none of the swarm machines are listening on port 4789. When I run the command sudo lsof -i:4789, it shows nothing.
Can anyone help me troubleshoot it? What is going wrong on my Docker swarm?
ubuntu#swarm01:~$ docker network inspect portainer_agent_network
[
{
"Name": "portainer_agent_network",
"Id": "tzm9sx2zifgaxhpmrd8xk7gti",
"Created": "2021-08-07T14:24:33.835202371Z",
"Scope": "swarm",
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "10.0.11.0/24",
"Gateway": "10.0.11.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"54a9491638f699fc6441961b04b91c8ca923bd8e4980dbe36651fa2618cdbe2c": {
"Name": "portainer_portainer.1.fd5m3wvccnxrl43iwst2imwti",
"EndpointID": "4537774ec3c146843b48ab89707df7b04a6a76880af85dbe025fcc4d7422262c",
"MacAddress": "02:42:0a:00:0b:0c",
"IPv4Address": "10.0.11.12/24",
"IPv6Address": ""
},
"83044215d796b649ee8fc78be2d1364c80646448db3a933ee9a48ff0b0b7fe24": {
"Name": "portainer_agent.idso1hec0iqiyvm1jhu1iaoq1.qidcsempp75po4znf1c7pj09r",
"EndpointID": "dfdd91e83969150ea70674b9ea998690b47a6abf113c9a644315d641c6b68e1c",
"MacAddress": "02:42:0a:00:0b:05",
"IPv4Address": "10.0.11.5/24",
"IPv6Address": ""
},
"lb-portainer_agent_network": {
"Name": "portainer_agent_network-endpoint",
"EndpointID": "be0b5a8bdda9ccae975314fad1424d96e3c57763b1c145f4a67e286f54300195",
"MacAddress": "02:42:0a:00:0b:08",
"IPv4Address": "10.0.11.8/24",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "4107"
},
"Labels": {
"com.docker.stack.namespace": "portainer"
},
"Peers": [
{
"Name": "0589007b93f4",
"IP": "10.0.0.241"
},
{
"Name": "be83a3dd8fbd",
"IP": "10.0.0.242"
},
{
"Name": "f937ea4c2dbf",
"IP": "10.0.0.243"
}
]
}
]
ubuntu#swarm01:~$ sudo lsof -i:7946
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dockerd 451 root 30u IPv6 14558 0t0 TCP *:7946 (LISTEN)
dockerd 451 root 32u IPv6 14559 0t0 UDP *:7946
ubuntu#swarm01:~$ sudo lsof -i:4789
ubuntu#swarm01:~$
Thanks with the best regards,
Patrick Lee
The overlay network is a virtual network that the nodes use to communicate with each other internally.
If you want any traffic that's external to the swarm (including curl from the same VM) to reach your portainer containers, then you'll need to expose that port.
Using Docker CLI: https://docs.docker.com/engine/reference/commandline/service_create/#publish-service-ports-externally-to-the-swarm--p---publish
or Docker Compose: https://docs.docker.com/compose/compose-file/compose-file-v3/#ports
Note: you want to expose these containers as services, not as individual containers.
I made a POST API request to create a router with an external network (set the gateway for the router).
endpoint: /api/networks/routers/:routerId
payload:
{
"router": {
"name": "myrout3r",
"external_gateway_info": {
"network_id": "659cf56-cad0-40a6-ae53-f24a2123508a",
"enable_snat": true
},
"admin_state_up": true
}
}
Response:
{
"router": {
"status": "ACTIVE",
"external_gateway_info": {
"network_id": "659c2f56-cad0-40a6-ae59-f24a2123508a",
"enable_snat": true,
"external_fixed_ips": [
{
"subnet_id": "52f0822b-2c36-4810-8653-a1a60b03a8b1",
"ip_address": "172.30.60.4"
}
]
},
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"description": "",
"tags": [],
"tenant_id": "5178acd154364430876d5aa687a9df7c",
"created_at": "2018-08-07T06:50:22Z",
"admin_state_up": true,
"distributed": false,
"updated_at": "2018-08-07T09:40:30Z",
"project_id": "5178acd154364430876d5aa687a9df7c",
"flavor_id": null,
"revision_number": 13,
"routes": [],
"ha": false,
"id": "398872f0-0cf6-4f48-8c94-f55623beace4",
"name": "router-szz"
}
}
My main problem here is: a new port gets created dynamically when I add a router gateway for the external network (visible in the network's ports tab). But this information is not part of the response, and I want it.
2) Should I enable DHCP for the external network? If not, why?
Ports of a router can be fetched from the "ports" API instead of the "router" API.
Ports associated with a router can be queried with the following REST API:
curl -s -H "X-Auth-Token: $OS_TOKEN" "$OS_NETWORK_API/v2.0/ports?device_id={router_id}"
Example:
curl -s -H "X-Auth-Token: $OS_TOKEN" "$OS_NETWORK_API/v2.0/ports?device_id=b3b11b62-04da-4a98-a981-adcd42d9fe3e"
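The ports query above returns every port attached to the router, so the gateway port still has to be picked out of the list. The following is an added example, not code from the original answer: it filters on Neutron's `network:router_gateway` device owner, and the port ids and the internal interface in the sample response are constructed.

```python
import json
import os
import urllib.request

GATEWAY_OWNER = "network:router_gateway"  # device_owner of a router's external port


def fetch_router_ports(router_id):
    """GET /v2.0/ports?device_id=<router_id>, using the env vars from the curl call."""
    url = f"{os.environ['OS_NETWORK_API']}/v2.0/ports?device_id={router_id}"
    req = urllib.request.Request(url, headers={"X-Auth-Token": os.environ["OS_TOKEN"]})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def gateway_ports(ports_body, router_id):
    """Return (port_id, [ip, ...]) for each external gateway port of the router."""
    found = []
    for port in ports_body.get("ports", []):
        if port.get("device_id") != router_id:
            continue  # defensive: skip ports the server-side filter should have excluded
        if port.get("device_owner") != GATEWAY_OWNER:
            continue  # internal interfaces are owned by network:router_interface
        ips = [ip["ip_address"] for ip in port.get("fixed_ips", [])]
        found.append((port["id"], ips))
    return found


# Constructed sample response. The router id, subnet id and gateway IP come from
# the question above; the port ids and the internal interface are made up.
ROUTER_ID = "398872f0-0cf6-4f48-8c94-f55623beace4"
SAMPLE = {"ports": [
    {"id": "port-gw-0001", "device_id": ROUTER_ID,
     "device_owner": "network:router_gateway",
     "fixed_ips": [{"subnet_id": "52f0822b-2c36-4810-8653-a1a60b03a8b1",
                    "ip_address": "172.30.60.4"}]},
    {"id": "port-if-0002", "device_id": ROUTER_ID,
     "device_owner": "network:router_interface",
     "fixed_ips": [{"subnet_id": "subnet-internal", "ip_address": "192.168.10.1"}]},
]}

if __name__ == "__main__":
    for port_id, ips in gateway_ports(SAMPLE, ROUTER_ID):
        print(port_id, ips)
```

Against a live endpoint, pass the result of `fetch_router_ports(router_id)` to `gateway_ports` in place of `SAMPLE`.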
I am trying to disconnect a Docker container (ContainerA1) connected to a network (NetworkA), but am unable to do so, even with the --force flag.
$ docker network disconnect NetworkA ContainerA1
I get an error response: container c5d345a09c6d is not connected to the network. (container IDs trimmed for brevity).
Oddly enough, I am able to disconnect other containers from NetworkA.
I inspected the network using docker network inspect NetworkA. I see:
[
{
"Name": "NetworkA",
"Id": "9e4895ee72a1648ad10f297357447529b277beb92fe21069a244a8265b8f7306",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1/16"
}
]
},
"Internal": false,
"Containers": {
"aded6369aef63b5237a7f543333f0b7fafbe2f01496efb2012bb7f5d67f14268": {
"Name": "ContainerA2",
"EndpointID": "c93b9dde46884181ca5acb63c03b2fb5fb3141e98416dda3e6cbc98b166b88ee",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
},
"ep-0f7d832a8d0cd86d8655ea9e0c1f7bbf33f1102b7bbe6454aca1ab8a48a6e4cd": {
"Name": "ContainerA1",
"EndpointID": "0f7d832a8d0cd86d8655ea9e0c1f7bbf33f1102b7bbe6454aca1ab8a48a6e4cd",
"MacAddress": "02:42:ac:12:00:07",
"IPv4Address": "172.18.0.7/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
Notice the ep- prefix for ContainerA1.
I tried removing the container, but I still see it in the list of containers when I do docker network inspect NetworkA. The "EndpointID" is different from the container ID, but it has the same name.
How can I remove stale entries from network, NetworkA?
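To find entries like the `ep-` one in the output above across a host, the inspect output can be compared with the containers that still exist. This is an added example, not part of the original question; it assumes that a `Containers` key which is not the full ID of an existing container marks a stale endpoint, and it skips the `lb-` load-balancer entries that swarm overlay networks list.

```python
import json
import re

FULL_ID = re.compile(r"^[0-9a-f]{64}$")  # shape of a full container ID


def stale_endpoints(inspect_json, live_ids):
    """List (network, name, endpoint_id, ip) for entries with no container behind them.

    inspect_json: text printed by `docker network inspect <network>`
    live_ids:     full container IDs, e.g. from `docker ps -aq --no-trunc`
    """
    stale = []
    for net in json.loads(inspect_json):
        for key, ep in (net.get("Containers") or {}).items():
            if key.startswith("lb-"):
                continue  # swarm load-balancer endpoint, not a container
            if FULL_ID.match(key) and key in live_ids:
                continue  # keyed by the ID of a container that still exists
            stale.append((net.get("Name"), ep.get("Name"),
                          ep.get("EndpointID"), ep.get("IPv4Address")))
    return stale


# Constructed input: the two "Containers" entries from the output in the question.
A2_ID = "aded6369aef63b5237a7f543333f0b7fafbe2f01496efb2012bb7f5d67f14268"
A2_EP = "c93b9dde46884181ca5acb63c03b2fb5fb3141e98416dda3e6cbc98b166b88ee"
A1_EP = "0f7d832a8d0cd86d8655ea9e0c1f7bbf33f1102b7bbe6454aca1ab8a48a6e4cd"
SAMPLE_INSPECT = json.dumps([{"Name": "NetworkA", "Containers": {
    A2_ID: {"Name": "ContainerA2", "EndpointID": A2_EP,
            "IPv4Address": "172.18.0.3/16"},
    "ep-" + A1_EP: {"Name": "ContainerA1", "EndpointID": A1_EP,
                    "IPv4Address": "172.18.0.7/16"},
}}])
LIVE_IDS = {A2_ID}  # assumption: only ContainerA2 still exists on the host

if __name__ == "__main__":
    for row in stale_endpoints(SAMPLE_INSPECT, LIVE_IDS):
        print(row)
```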
I have a docker host with 1 physical network interface. I want to have a docker container connected to a network that is bridged to a second IP. I'm not sure what the best way to do this is, but here is what I tried so far.
I created a sub interface with
ifconfig enp0s31f6:0 192.168.2.32
Then created a new docker network like this:
docker network create --driver=bridge --subnet=192.168.2.32/24 --gateway=192.168.2.32 second
then started a new container with --net=second
The problem is that I cannot ping google.com from within containers that are on the "second" docker network.
[
{
"Name": "second",
"Id": "1540526cbab982cd86892bdbb1b2ac20f26964824469ba890c40b3615e2bfa6d",
"Scope": "local",
"Driver": "bridge",
"IPAM": {
"Driver": "default",
"Config": [
{
"Subnet": "192.168.2.0/24",
"Gateway": "192.168.2.32"
}
]
},
"Containers": {},
"Options": {}
}
]
Running "ping -I 192.168.2.32 www.google.com" on the host works.
The goal is to have the containers accessible with one IP, and the rest of the host accessible with another.
I am trying to create an ARM template that will provision multiple webservers with directly accessible ports. For instance I want a VM to have either port 9001 or 9002 open based on what the index of the VM is.
I am struggling to get the frontendPort parameter to accept a function. Here is the documentation that I have used.
Here is what the relevant portion of my template looks like:
"inboundNatRules": [
{
"copy": {
"name": "natCopy",
"count": "[parameters('numberOfVms')]"
},
"name": "[concat('directHttps-', copyIndex())]",
"properties": {
"frontendIPConfiguration": {
"id": "[concat(variables('lbID'),'/frontendIPConfigurations/LoadBalancerFrontEnd')]"
},
"frontendPort": "[add(9001, copyIndex())]",
"backendPort": 9001,
"enableFloatingIP": false,
"idleTimeoutInMinutes": 4,
"protocol": "Tcp",
"backendIPConfiguration": {
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('vmNicName'), copyIndex()), 'ipconfig')]"
}
}
}
]
I was hoping that this particular port would result in either "9001" or "9002".
"frontendPort": "[add(9001, copyIndex())]"
Instead, I see an error in Visual Studio's Intellisense, and when I try to deploy the solution.
Create template deployment 'deploymenttemplate-0107-1555'.
New-AzureRmResourceGroupDeployment : Resource Microsoft.Network/loadBalancers 'webserverLb'
failed with message 'Unable to process template language expressions for resource
'/subscriptions/some random guid/resourceGroups/webservers/providers/Microsoft.Network/loadBalancers/webserverLb'
at line '102' and column '10'. 'The template function 'copyIndex' is not expected at this location.
The function can only be used in a resource with copy specified.
Long story short, I'm simply trying to have the same number of NAT rules as I have VMs in the template, and dynamically assign the external port number.
Please let me know if I can provide any more information. Thank you.
Try:
[Concat(900,CopyIndex(1))]
which will offset the index (0 based) and give you the number you want.
This is the syntax that works for copying the NAT rules (I am adding an RDP rule on the standard back-end port):
"copy": [
{
"name": "inboundNatRules",
"count": "[parameters('numberOfWebInstances')]",
"input": {
"name": "[concat(parameters('lbNatRulePrefix'), copyindex('inboundNatRules'))]",
"properties": {
"frontendIPConfiguration": {
"id": "[variables('lbFrontEndIpId')]"
},
"frontendPort": "[add(50001, copyIndex('inboundNatRules'))]",
"backendPort": 3389,
"enableFloatingIP": false,
"idleTimeoutInMinutes": 4,
"protocol": "tcp"
}
}
}
],
And then to apply the rules to the NIC, you actually need to add some code on the NIC itself. The following is for both LB rules and NAT rules:
"loadBalancerBackendAddressPools": [
{
"id": "[concat(variables('lbID'), '/backendAddressPools/', parameters('lbPoolName'))]"
}
],
"loadBalancerInboundNatRules": [
{
"id": "[concat(variables('lbID'),'/inboundNatRules/' , parameters('lbNatRulePrefix'), copyindex())]"
}
]
Your script is wrong: you are writing copyIndex(), but you need to pass the name of the rule; then it should work.
"inboundNatRules": [
{
"copy": {
"name": "natCopy",
"count": "[parameters('numberOfVms')]"
},
"name": "[concat('directHttps-', copyIndex('natCopy', 1))]",
"properties": {
"frontendIPConfiguration": {
"id": "[concat(variables('lbID'),'/frontendIPConfigurations/LoadBalancerFrontEnd')]"
},
"frontendPort": "[add(9001, copyIndex('natCopy', 1))]",
"backendPort": 9001,
"enableFloatingIP": false,
"idleTimeoutInMinutes": 4,
"protocol": "Tcp",
"backendIPConfiguration": {
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('vmNicName'), copyIndex('natCopy', 1)), 'ipconfig')]"
}
}
}
]
$LoadBalancer = Get-AzureRmLoadBalancer -ResourceGroupName $ResourceGroupName -Name $LoadBalancerName
$publicIP1 = Get-AzureRmPublicIpAddress -name $pipName -resourcegroupname $ResourceGroupName
$frontendIP1 = Get-AzureRmLoadBalancerFrontendIpConfig -LoadBalancer $LoadBalancer -Name $FrontendIpConfigName
$LoadBalancer | Add-AzureRmLoadBalancerInboundNatRuleConfig -Name "nat_rule_tcp_IP1_49157" -FrontendIpConfiguration $frontendIP1 -IdleTimeoutInMinutes 4 -Protocol TCP -FrontendPort 49157 -BackendPort 49157 | Set-AzureRmLoadBalancer