I have docker for windows running windows container. Machine is connected to corporate network via Cisco AnyConnect VPN. We have been having this issue for sometime with no solutions. To explain the problem here is an example. Go to docker image here https://hub.docker.com/_/microsoft-dotnet-samples and run the below commands in command prompt / powershell in sequence
docker pull mcr.microsoft.com/dotnet/samples:aspnetapp
docker run -it --rm -p 8000:80 --name aspnetcore_sample mcr.microsoft.com/dotnet/samples:aspnetapp
replace port 8000 with something else if there is an error in lines of hns file being used. Go to browser and do http://localhost:8000 assuming its running on port 8000. It doesn't connect for me. Instead of localhost i also tried below command to find the ipaddress of the container running the image and then replace localhost with that ip address but with same response unable to connect.
docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name_or_id
here is an screenshot of the network adapter docker sets up by default
here is another screenshot of the nat network adapter
I am running my code using MPI on a cluster. My code runs as a task in a docker running in swarm mode.
Steps I follow to run my code:
Create a overlay network
Run docker in swarm mode
Start a docker service (replicas = 4) using below command:
docker service create --name mpiser --network mpinet --replicas 4 mpitest:latest
My test code is a simple python script having:
from mpi4py import MPI
import subprocess
import time
comm = MPI.COMM_WORLD
sizeComm = comm.Get_size()
rank = comm.Get_rank()
while True:
print("Rank:",rank,"Hostname:",subprocess.check_output(['hostname']))
time.sleep(2)
I find the ip address of the tasks launched as part of the service
exec into one of the containers
create a "hosts" file with the ip addresses I found
Launch the test code using below command:
mpirun --allow-run-as-root -n 33 --hostfile hosts --mca btl_tcp_if_exclude eth1,lo python3 /home/test.py
This works fine and I can see the prints from all the containers within the swarm.
However, if I expose one of the ports while creating service with below command
docker service create --name mpiser -p 3000:3000 --network mpinet --replicas 4 mpitest:latest
The mpirun command fails with below errors:
------------------------------------------------------------
A process or daemon was unable to complete a TCP connection
to another process:
Local host: 8d3c60280396
Remote host: cc2da25814cc
This is usually caused by a firewall on the remote host. Please
check that any firewall (e.g., iptables) has been disabled and
try again.
------------------------------------------------------------
I tried using --mca btl_tcp_if_include to include only the interface that shows the ip address I added in the hosts file
I tried using --mca btl_tcp_if_exclude to exclued other interfaces that does not have the ip address I added in hosts file
Both these did not help.
Any suggestions on why exposing the port causes communication issue between the containers will be helpful
I have installed docker engine v1.12.3 on Ubuntu 14.04 LTS and since after the following changes to enable Remote API, I'm not able to pull or run any of the docker images,
Added DOCKER_OPTS="-H tcp://127.0.0.1:2375" in /etc/default/docker.
/etc/init.d/docker start.
Following is the error received,
docker: Cannot connect to the Docker daemon. Is the docker daemon running on this host?
Note: I have added login in user to the docker group
If you configure the docker daemon to listen to a TCP socket (as you do), you should use the -H command line option with the docker command to point it to that socket instead of the default Unix socket.
#mustaccio is correct. The docker command defaults to using a unix socket normally at /var/run/docker.sock. You can either make your options setup like:
DOCKER_OPTS="-H tcp://127.0.0.1:2375" -H unix:///var/run/docker.sock" and restart, or always use docker -H tcp://127.0.0.1:2375 whenever you interact with the host from the command line.
The only good scenario I've seen for removing the socket is pure user security. If your Docker host is TLS enabled, you can ensure only authorized people are accessing the host by signed certificates, not just people with access to the system.
Hello Helpful Developers,
I'm having issues connecting docker containers. I have built a subversion docker container and a mongo docker container.
docker run -d -p 3343:3343 -p 4434:4434 -p 18080:18080 --name svn-server mamohr/subversion-edge
docker run -p 27017:27017 --name my-mongo -d mongo
I'm able to hit http://x.x.x.x:18080/ from a browser, but unable to curl from the my-mongo instance. I can talk to each container from my development machine, but unable to talk from container to container.
I see things like --net=bridge, host, ????, but I'm getting confused.
Please help.....
Borrowing this schema from SDN hub, imagine that C1 is your SVN container and C2 is your Mongo container:
Both containers are connected to docker0 bridge and NATed to external 192.168.50.16 network.
To connect from your Mongo container, check the bridge0 IP address of the SVN container:
# docker inspect <svn-container-name>
"Networks": {
"bridge0": {
"IPAddress": "172.17.0.19",
}
then CURL directly to it's bridge0 IP address:
curl http://172.17.0.19:18080/
To get you immediately going, you can start your hosts with --net=host and then both containers and host will be able to communicate.
Or you can use link( --link ) between from mongo to the other container.
There is lot to explain about docker networking and the docker documentation will be good point to start.
Read the documentation at https://docs.docker.com/engine/userguide/networking/dockernetworks/
I would advice you to take a look at docker compose. I think it's the best way to manage a system, which is composed of many containers.
Here is the official guide: https://docs.docker.com/compose/
Docker containers by default start attached to a bridge network called default. You can do docker network ls and see the networks you have available. You can also create networks with different attributes etc...
So in your case, both your containers are being started on the same default network, which means they should be able to communicate with each other just fine. In fact, if you only want your SVN server to be able to talk to Mongo (and don't need to connect to mongo from your host) you don't even need to expose ports on the Mongo container. Containers on the same network as each can communicate with each other just fine without ports being exposed. Exposing ports is to allow host > container connectivity.
So, what hostname / port are you using when you try to curl from the mongo instance to your SVN instance? You should be using svn-server as that will resolve to the SVN container (using Docker's built-in DNS resolution).
Direct container to container networking via container name can be achieved with a user defined network.
docker network create mynet
docker run -d --net=mynet --name svn-server mamohr/subversion-edge
docker run -d --net=mynet --name my-mongo mongo
docker exec <svn-id> ping my-mongo
docker exec <mongo-id> ping svn-server
You should always be able to connect to mapped ports though, even in your current setup. The hosts runs a process that listens on that port so any host IP should do.
$ docker run -d -p 8080:80 --net=mynet --name sleep busybox nc -lp 80 -e echo here!
63115ef88664f1186ea012e41138747725790383c741c12ca8675c3058383e68
$ ss -lntp | grep 8080
LISTEN 0 128 :::8080 :::* users:(("exe",pid=6287,fd=4))
$ docker run busybox nc <any_host_ip> 8080
here!
Please remember, container is not available by default to the ourside world.
When you running the svn-server container, you published the container's 18080 port and mapped it from the host's 18080 port. So you can access it by http://your_host_IP:18080.
From your two docker run commands, both svn-server container and my-mongo container are on the default bridge network. These two containers are connected by docker0, so they can communicate each other directly by localhost.
But if you tried to access http://your_host_IP:18080 from within your my-mongo container, that means your request would first be send to docker0, but docker0 will drop your request because you're trying to access the host, not the svn-server container.
So try this curl http://localhost:18080 or curl http://svn-server_IP:18080 from my-mongo container to access svn-server container.
I have a 5 node Riak cluster running. I ssh to node 1 and run 'riak-admin test' the output of which is "Node is not running!"..however the REST API responds (eg http://{localhst}:8098/stats returns JSON stats as expected) and I can run a client that hits the ProtoBuf endpoint ok too. I must be making a noob mistake but what? (yes, have tried sudo riak-admin test)
I'm running Riak in a docker container on Debian Jessie host and have established ssh session via docker exec -i -t [container name} bash. I have hit the HTTP endpoint with curl from the session.
This, as you might expect, turns out to be environmental. I have my five nodes running in five docker containers as per http://basho.com/riak-quick-start-with-docker/
Each time a container is recycled during a session of the host it is assigned the next ip address. The riak instance in the container has it's address statically configured, hence if I recycle a container the actual IP and the static IP for riak do not match.
I've also encountered this when the hostname doesn't contain a ".", which is the case with docker's default hostnames. I always have to start my riak containers with docker run --hostname riakN.docker.