creating a docker bridge network for a virtual sub interface - networking

I have a docker host with 1 physical network interface. I want to have a docker container connected to a network that is bridged to a second IP. I'm not sure what the best way to do this is, but here is what I tried so far.
I created a sub interface with
ifconfig enp0s31f6:0 192.168.2.32
Then created a new docker network like this:
docker network create --driver=bridge --subnet=192.168.2.32/24 --gateway=192.168.2.32 second
Then I started a new container with --net=second.
The problem is that I cannot ping google.com from within containers that are on the "second" docker network.
[
{
"Name": "second",
"Id": "1540526cbab982cd86892bdbb1b2ac20f26964824469ba890c40b3615e2bfa6d",
"Scope": "local",
"Driver": "bridge",
"IPAM": {
"Driver": "default",
"Config": [
{
"Subnet": "192.168.2.0/24",
"Gateway": "192.168.2.32"
}
]
},
"Containers": {},
"Options": {}
}
]
Running "ping -I 192.168.2.32 www.google.com" on the host works.
The goal is to have the containers accessible with one IP, and the rest of the host accessible with another.

Related

Docker Swarm network overlay issue

I created 3 Ubuntu 20.04 VMs in Proxmox VE 7 for the docker swarm. I tried to follow the site https://documentation.portainer.io/v2.0/deploy/ceinstallswarm/ to set up Portainer on my Swarm. However, I can’t browse to any IP address of the Ubuntu VMs to access the Portainer site to set up the docker container.
Something is going wrong with the overlay network on my swarm. It looks like the ingress is not enabled. Please see the network inspect output below for portainer_agent_network.
And I found that all the swarm machines are not listening on port 4789. When I run the command sudo lsof -i:4789, it shows nothing.
Can anyone help me troubleshoot it? What is going wrong on my docker swarm?
ubuntu#swarm01:~$ docker network inspect portainer_agent_network
[
{
"Name": "portainer_agent_network",
"Id": "tzm9sx2zifgaxhpmrd8xk7gti",
"Created": "2021-08-07T14:24:33.835202371Z",
"Scope": "swarm",
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "10.0.11.0/24",
"Gateway": "10.0.11.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"54a9491638f699fc6441961b04b91c8ca923bd8e4980dbe36651fa2618cdbe2c": {
"Name": "portainer_portainer.1.fd5m3wvccnxrl43iwst2imwti",
"EndpointID": "4537774ec3c146843b48ab89707df7b04a6a76880af85dbe025fcc4d7422262c",
"MacAddress": "02:42:0a:00:0b:0c",
"IPv4Address": "10.0.11.12/24",
"IPv6Address": ""
},
"83044215d796b649ee8fc78be2d1364c80646448db3a933ee9a48ff0b0b7fe24": {
"Name": "portainer_agent.idso1hec0iqiyvm1jhu1iaoq1.qidcsempp75po4znf1c7pj09r",
"EndpointID": "dfdd91e83969150ea70674b9ea998690b47a6abf113c9a644315d641c6b68e1c",
"MacAddress": "02:42:0a:00:0b:05",
"IPv4Address": "10.0.11.5/24",
"IPv6Address": ""
},
"lb-portainer_agent_network": {
"Name": "portainer_agent_network-endpoint",
"EndpointID": "be0b5a8bdda9ccae975314fad1424d96e3c57763b1c145f4a67e286f54300195",
"MacAddress": "02:42:0a:00:0b:08",
"IPv4Address": "10.0.11.8/24",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "4107"
},
"Labels": {
"com.docker.stack.namespace": "portainer"
},
"Peers": [
{
"Name": "0589007b93f4",
"IP": "10.0.0.241"
},
{
"Name": "be83a3dd8fbd",
"IP": "10.0.0.242"
},
{
"Name": "f937ea4c2dbf",
"IP": "10.0.0.243"
}
]
}
]
ubuntu#swarm01:~$ sudo lsof -i:7946
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dockerd 451 root 30u IPv6 14558 0t0 TCP *:7946 (LISTEN)
dockerd 451 root 32u IPv6 14559 0t0 UDP *:7946
ubuntu#swarm01:~$ sudo lsof -i:4789
ubuntu#swarm01:~$
Thanks with the best regards,
Patrick Lee
The overlay network is a virtual network that the nodes use to communicate with each other internally.
If you want any traffic that's external to the swarm (including curl from the same VM) to reach your portainer containers, then you'll need to expose that port.
Using Docker CLI: https://docs.docker.com/engine/reference/commandline/service_create/#publish-service-ports-externally-to-the-swarm--p---publish
or Docker Compose: https://docs.docker.com/compose/compose-file/compose-file-v3/#ports
Note: you want to expose these containers as services, not as individual containers.

First time deploying meteor app with meteor-up

This is the first time I am deploying with Meteor-up, and I followed the docs to deploy a dummy application first. I am deploying on a shared Linux server. Everything is going great, but I can't find my app on ROOT_URL. My domain is pointing to the server, and that very domain is also my ROOT_URL. When I hit the domain link, it goes to the index of the file explorer on the server instead of my web app. I tried to find logs, but the logs command and the --verbose flag returned no log and the command simply ran as usual.
Mup version (`1.5.3`):
Mup config
{
"servers": {
"one": {
"host": "1.2.3.4",
"username": "totalti1",
"password": "password",
"opts": {
"port": 2083
}
}
},
"proxy": {
"servers": {
"one": {}
},
"domains": "host.com,subdomain.host.com",
"shared": {
"httpPort": 80,
"httpsPort": 443
}
},
"app": {
"name": "my-app",
"path": "../.",
"deployCheckWaitTime": 300,
"servers": {
"one": {}
},
"buildOptions": {
"serverOnly": true
},
"env": {
"ROOT_URL": "https://host.com",
"MONGO_URL": "mongodb://mongodb:27017/my-app",
"MONGO_OPLOG_URL": "mongodb://localhost/local",
"VIRTUAL_HOST": "host.com,subdomain.host.com",
"HTTPS_METHOD": "noredirect",
"VIRTUAL_PORT": 3000,
"HTTP_FORWARDED_COUNT": 1
},
"docker": {
"image": "abernix/meteord:node-12-base",
"prepareBundle": false,
"stopAppDuringPrepareBundle": true,
"imagePort": 3000,
"args": [
"--link=mongodb:mongodb"
]
},
"enableUploadProgressBar": true,
"type": "meteor"
},
"mongo": {
"version": "3.4.1",
"servers": {
"one": {}
},
"dbName": "DemoApp"
}
}
The port of my host is 2083 and I am not sure if that is causing a problem. I am not sure if the deployment was unsuccessful or the URL had a mistake. I was able to get some logs after setting the debug environment variable. Here they are.
Output of command
$ DEBUG=mup* mup reconfig --verbose
mup:updates checking for updates +0ms
mup:updates Packages: [ { name: 'mup', path: '/usr/lib/node_modules/mup/package.json' } ] +2ms
mup:updates retrieving tags for mup +2ms
mup:api Running command default.reconfig +0ms
mup:module:default exec => mup reconfig +0ms
mup:api Running command meteor.envconfig +2ms
mup:module:meteor exec => mup meteor envconfig +0ms
Started TaskList: Configuring App [213.136.76.119] - Pushing the Startup Script
mup:updates finished update check for mup +1s
I am looking for some instant help as I am stuck on this deployment for three days now. Thanks in advance.
EDIT
Is there a way to know whether the deployment was successful or not? Also, is there something wrong with my ROOT_URL? The root URL contains the IP of the server on which I have hosted the app. The domain also points to the IP. When I access by IP it says
Sorry!
IP changed or server misconfig or site may have moved to different ip. Contact your hosting provider.
When I access via the domain, it shows the empty directory the default domain is set to.

Openstack neutron: Not getting port information from open stack neutron api in the response

I made a POST API request to create a router with an external network (set gateway for the router).
endpoint: /api/networks/routers/:routerId
payload:
{
"router": {
"name": "myrout3r",
"external_gateway_info": {
"network_id": "659cf56-cad0-40a6-ae53-f24a2123508a",
"enable_snat": true
},
"admin_state_up": true
}
}
Response:
{
"router": {
"status": "ACTIVE",
"external_gateway_info": {
"network_id": "659c2f56-cad0-40a6-ae59-f24a2123508a",
"enable_snat": true,
"external_fixed_ips": [
{
"subnet_id": "52f0822b-2c36-4810-8653-a1a60b03a8b1",
"ip_address": "172.30.60.4"
}
]
},
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"description": "",
"tags": [],
"tenant_id": "5178acd154364430876d5aa687a9df7c",
"created_at": "2018-08-07T06:50:22Z",
"admin_state_up": true,
"distributed": false,
"updated_at": "2018-08-07T09:40:30Z",
"project_id": "5178acd154364430876d5aa687a9df7c",
"flavor_id": null,
"revision_number": 13,
"routes": [],
"ha": false,
"id": "398872f0-0cf6-4f48-8c94-f55623beace4",
"name": "router-szz"
}
}
My main problem here is: a new port gets created dynamically in the network's ports tab when I add a router gateway for the external network. But this information is not part of the response, where I want it.
2) Should I enable DHCP for the external network? If not, why?
Ports of a router can be fetched from "ports" API instead of "router" API.
Ports associated with a router can be queried with the following REST API:
curl -s -H "X-Auth-Token: $OS_TOKEN" "$OS_NETWORK_API/v2.0/ports?device_id={router_id}"
Example:
curl -s -H "X-Auth-Token: $OS_TOKEN" "$OS_NETWORK_API/v2.0/ports?device_id=b3b11b62-04da-4a98-a981-adcd42d9fe3e"
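
An added example (not part of the original answer) that picks the gateway port out of a ports listing and checks it against the router's external_gateway_info. The router fields are the ones from the response in the question; the port list, the port ids and the internal network values are constructed placeholders.

```python
GATEWAY_OWNER = "network:router_gateway"      # device_owner Neutron sets on a router's gateway port
INTERFACE_OWNER = "network:router_interface"  # device_owner of ordinary internal router ports


def find_gateway_port(router, ports):
    """Return the port backing the router's external gateway, or None."""
    gw = router.get("external_gateway_info") or {}
    wanted_ips = {ip["ip_address"] for ip in gw.get("external_fixed_ips", [])}
    for port in ports:
        if port.get("device_id") != router["id"]:
            continue  # port belongs to some other device
        if port.get("device_owner") != GATEWAY_OWNER:
            continue  # internal interface, not the gateway
        if port.get("network_id") != gw.get("network_id"):
            continue  # not on the external network the router reports
        port_ips = {ip["ip_address"] for ip in port.get("fixed_ips", [])}
        if wanted_ips <= port_ips:
            return port
    return None


# Router fields taken from the response shown in the question.
ROUTER = {
    "id": "398872f0-0cf6-4f48-8c94-f55623beace4",
    "external_gateway_info": {
        "network_id": "659c2f56-cad0-40a6-ae59-f24a2123508a",
        "external_fixed_ips": [
            {"subnet_id": "52f0822b-2c36-4810-8653-a1a60b03a8b1",
             "ip_address": "172.30.60.4"}
        ],
    },
}

# Constructed body of a GET /v2.0/ports?device_id=<router id> reply (placeholder ids).
PORTS = [
    {"id": "port-internal-placeholder", "device_id": ROUTER["id"],
     "device_owner": INTERFACE_OWNER, "network_id": "net-internal-placeholder",
     "fixed_ips": [{"subnet_id": "subnet-internal-placeholder", "ip_address": "10.0.0.1"}]},
    {"id": "port-gateway-placeholder", "device_id": ROUTER["id"],
     "device_owner": GATEWAY_OWNER,
     "network_id": "659c2f56-cad0-40a6-ae59-f24a2123508a",
     "fixed_ips": [{"subnet_id": "52f0822b-2c36-4810-8653-a1a60b03a8b1",
                    "ip_address": "172.30.60.4"}]},
]

if __name__ == "__main__":
    print(find_gateway_port(ROUTER, PORTS))
```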

Cant access kubernetes pod (minikube)

On the image, you can see the service and the pod.
If I execute "curl localhost" inside the container, I get a response, but I am not able to access it from outside.
What is wrong?
This is the file I run "kubectl -f" on:
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name": "wordpress-site",
"labels": {
"app": "web"
}
},
"spec": {
"containers": [
{
"name": "wordpress",
"image": "wp:latest",
"imagePullPolicy": "Never",
"ports": [
{
"containerPort": 80
}
]
}
]
}
}
First I would need some more information, but with what you gave me I will make the assumption that you want to access it from outside the node the pod is on. For this problem we can use Kubernetes services.
You could easily add the service configuration to the yaml file; here is the API reference for doing that: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#-strong-service-apis-strong-
Got it working by setting:
hostNetwork: true

ARM Template - create SQL Server firewall rule for Web App

I have created SQL Server and Database, Web App, published website and database and get to the log on screen of the website.
When I log in I receive a 500 including the IP address of the web app which currently isn't allowed to access the newly created SQL Server.
I'd very much like to harvest the assigned IP address (suspect it is AZURE internal IP address) to create a firewall rule in the template.
I'm successfully doing things like adding app settings for storage account keys and database connections strings. And these are working nicely.
Very frustrating to not be able to find any reference to the internal IP of the web site. I've tried the object explorer in the azure portal.
Suggestions appreciated!
Andy
If you are using Azure SQL, please refer to the document about how to set the Azure Database firewall.
Very frustrating to not be able to find any reference to the internal IP of the web site?
If we want to let Azure services access the Azure SQL database, we just need to set Allow access to Azure services to on. The default value is on.
We could also get the outbound IPs from Azure resources (https://resources.azure.com/), then add the outboundIpAddresses to the Azure SQL firewall rule allowed IP list.
Note: For Azure WebApp, the outboundIpAddresses are not static IPs; they may change when we restart the WebApp or change the WebApp service plan.
If we want to add firewall rule via ARM template, we could use the following demo code:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"testfirewallAdminLogin": {
"type": "string",
"minLength": 1
},
"testfirewallAdminLoginPassword": {
"type": "securestring"
}},
"variables": {
"testfirewallName": "[concat('testfirewall', uniqueString(resourceGroup().id))]"},
"resources": [
{
"name": "[variables('testfirewallName')]",
"type": "Microsoft.Sql/servers",
"location": "[resourceGroup().location]",
"apiVersion": "2014-04-01-preview",
"dependsOn": [ ],
"tags": {
"displayName": "testfirewall"
},
"properties": {
"administratorLogin": "[parameters('testfirewallAdminLogin')]",
"administratorLoginPassword": "[parameters('testfirewallAdminLoginPassword')]"
},
"resources": [
{
"name": "AllowAllWindowsAzureIps",
"type": "firewallrules",
"location": "[resourceGroup().location]",
"apiVersion": "2014-04-01-preview",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', variables('testfirewallName'))]"
],
"properties": {
"startIpAddress": "x.x.x.x",
"endIpAddress": "x.x.x.x"
}
}
]
}],
"outputs": {
}
}
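
An added example (not part of the original answer) that turns a Web App's comma-separated outboundIpAddresses string into one single-address firewallrules resource per IP, in the shape of the nested resource in the template above. The rule-name prefix and the sample addresses are assumptions; the sample uses a documentation address range, not a real Web App.

```python
import ipaddress

# Dependency expression copied from the template above.
SQL_SERVER_ID = "[resourceId('Microsoft.Sql/servers', variables('testfirewallName'))]"


def firewall_rules_for(outbound_ips, prefix="webapp-outbound"):
    """Return one single-address firewallrules resource per distinct outbound IP.

    outbound_ips is the comma-separated outboundIpAddresses value of the Web App.
    """
    rules, seen = [], set()
    for raw in outbound_ips.split(","):
        raw = raw.strip()
        if not raw:
            continue
        ip = ipaddress.IPv4Address(raw)  # ValueError on anything that is not IPv4
        if ip.is_unspecified:
            # 0.0.0.0-0.0.0.0 is the "Allow access to Azure services" switch, not a host.
            raise ValueError("0.0.0.0 would open the server to all Azure services")
        if ip in seen:
            continue
        seen.add(ip)
        rules.append({
            "name": "%s-%d" % (prefix, len(rules) + 1),
            "type": "firewallrules",
            "location": "[resourceGroup().location]",
            "apiVersion": "2014-04-01-preview",
            "dependsOn": [SQL_SERVER_ID],
            "properties": {"startIpAddress": str(ip), "endIpAddress": str(ip)},
        })
    return rules


def rule_width(rule):
    """Number of addresses a rule admits; infinity for the all-Azure-services rule."""
    props = rule["properties"]
    start = ipaddress.IPv4Address(props["startIpAddress"])
    end = ipaddress.IPv4Address(props["endIpAddress"])
    if start.is_unspecified and end.is_unspecified:
        return float("inf")
    return int(end) - int(start) + 1


if __name__ == "__main__":
    import json
    sample = "203.0.113.10,203.0.113.11, 203.0.113.10"  # constructed sample value
    print(json.dumps(firewall_rules_for(sample), indent=2))
```

Because the outbound addresses can change on restart or plan change, the generated rules need to be regenerated from the current value at each deployment.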
