Develop Reference

Docker Compose: Use static and dynamic network interface in container

I have an app that needs to access the internet and a local resource in a local area network. I want to run this app with docker compose. My host-system has 4 physical network ports and I connect with two Ethernet cables to the local-area net and the internet.
Host system can ping addresses from both networks successfully. But from inside the container I get no ping to outside. Tried with ping, tried a specific port with nmap, to no avail.
I have the following output when I analyze the network interfaces:
# network configuration host-system
enp03s31f6:
IPv4: XXX.XXX.XXX.XX
IPv6: XXXX:XXXX:XXXX:XXXX
enp2s0:
IPv4: 192.168.163.222 # <- host computer's address in local network
IPv6: XXXX:XXXX:XXXX:XXXX <- somehow an IPv6 address is assigned but only IPv4 is relevant
My docker-compose.yml is posted below:
# docker-compose.yml
version: "3.6"
networks:
dhcp_net:
app_local_net:
driver_opts:
com.docker.network.bridge.host_binding_ipv4: "192.168.163.222"
ipam:
driver: default
config:
- subnet: "192.168.163.0/24"
services:
main:
build:
context: .
image: "my_custom_app"
ports:
- "192.168.163.222:520:520"
- "0.0.0.0:80:80"
- "0.0.0.0:443:443"
networks:
dhcp_net:
app_local_net:
ipv4_address: 192.168.163.222
command: ./start_my_app
Of course there are more services in the compose-file, I left them out for better focus.
when I go into the container while it is running, I can successfully install iputils-ping and ping internet addresses. When I try to ping an address in the local network (app_local_net), host is unreachable.
When I go and inspect the container's network, following output is generated:
docker network inspect my_app_app_local_net
[
{
"Name": "my_app_app_local_net",
"Id": "b43184e60537541a764c3479ece9e861c49169b7629f810f532276b9949b522f",
"Created": "2021-11-17T17:37:50.935949741+01:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "192.168.163.0/24"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"e3ae8336c0ac18f7d164a15bd9e7f590ffa18b8b1688900a7ad639f92ba7bcf2": {
"Name": "my_app_main_1",
"EndpointID": "4d2fa1e37a823144fe1ffd3ea4f0720d8be83d4fc17629d5921cbd781e775838",
"MacAddress": "02:42:c0:a8:a3:de",
"IPv4Address": "192.168.163.222/24",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.host_binding_ipv4": "192.168.163.222"
},
"Labels": {
"com.docker.compose.network": "app_local_net",
"com.docker.compose.project": "my_app",
"com.docker.compose.version": "1.29.2"
}
}
]
ifconfig shows the following:
root#container$:ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.21.0.2 netmask 255.255.0.0 broadcast 172.21.255.255
ether 02:42:ac:15:00:02 txqueuelen 0 (Ethernet)
RX packets 1132 bytes 1641413 (1.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 870 bytes 60160 (60.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.163.222 netmask 255.255.255.0 broadcast 192.168.163.255
ether 02:42:c0:a8:a3:de txqueuelen 0 (Ethernet)
RX packets 59 bytes 7508 (7.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 252 (252.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 188.10.163.4 netmask 255.255.255.0 broadcast 188.10.163.255
ether 02:42:bc:0a:a3:04 txqueuelen 0 (Ethernet)
RX packets 25 bytes 2975 (2.9 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 16 bytes 1716 (1.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1716 (1.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
if I do a $ ping -I eth1 192.168.163.102 inside the container, it will not work.
I see the following questions as related and already incorporated advice, but somehow I am stuck:
Docker compose yml static IP addressing
How can I make docker-compose bind the containers only on defined network instead of 0.0.0.0?
Docker Compose with static public IP over LAN but different with Host IP
Provide static IP to docker containers via docker-compose
Is there anything I am missing? Thanks for any help in advance :-)

meteor Verifying Deployment - Connection refused

I am trying to deploy a meteor Application, But I am receiving this error message on the Verifying Deployment section with the following error message -
------------------------------------STDERR------------------------------------
: (7) Failed to connect to 172.17.0.2 port 3000: Connection refused
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (7) Failed to connect to 172.17.0.2 port 3000: Connection refused
=> Logs:
=> Setting node version
NODE_VERSION=14.17.4
v14.17.4 is already installed.
Now using node v14.17.4 (npm v6.14.14)
default -> 14.17.4 (-> v14.17.4 *)
=> Starting meteor app on port 3000
=> Redeploying previous version of the app
When I do the sudo netstat -tulpn | grep LISTEN in the server it shows this
tcp 0 0 10.0.3.1:53 0.0.0.0:* LISTEN 609/dnsmasq
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 406/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 745/sshd: /usr/sbin
tcp6 0 0 :::22 :::* LISTEN 745/sshd: /usr/sbin
When I run sudo docker ps i receive the following message -
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e51b1b4bf3a3 mup-appName:latest "/bin/sh -c 'exec $M…" About an hour ago Restarting (1) 49 seconds ago appName
68b723183f3d mongo:3.4.1 "/entrypoint.sh mong…" 9 days ago Restarting (100) 9 seconds ago mongodb
In my firewall i have also opened the Port 3000
If I check the Docker is running it seems like there is no docker running!!
Also in my mup.js file I am using http and not https
module.exports = {
servers: {
one: {
host: 'xx.xx.xxx.xxx',
username: 'ubuntu',
pem: '/home/runner/.ssh/id_rsa'
}
},
meteor: {
name: 'appName',
path: '../../',
docker: {
image: 'zodern/meteor:latest',
},
servers: {
one: {}
},
buildOptions: {
serverOnly: true
},
env: {
PORT: 3000,
ROOT_URL: 'http://dev-api.appName.com/',
NODE_ENV: 'production',
MAIL_URL: 'smtp://xxxx:xxx/eLPCB3nw3jubkq:#email-smtp.eu-north-1.amazonaws.com:587',
MONGO_URL: 'mongodb+srv://xxx:xx#xxx.iiitd.mongodb.net/Development?retryWrites=true&w=majority'
},
deployCheckWaitTime: 15
}
proxy: {
domains: 'dev.xxx.com',
ssl: {
letsEncryptEmail: 'info#xxx.com'
}
}
}
Any idea what might cause this issue?

I don't know why, but in the MUP docs the correct image name is zodern/meteor:root
If your app is slow to start, increase the deployCheckWaitTime . In my complex apps I put 600, just to ensure the app is up.

Impossible to activate HugePage on AKS nodes

Hi dear Stackoverflow community,
I'm struggling in HugePage activation on a AKS cluster.
I noticed that I first have to configure a nodepool with HugePage support.
The only official Azure Hugepage doc is about transparentHugePage (https://learn.microsoft.com/en-us/azure/aks/custom-node-configuration), but I don't know if it's sufficient...
Then I know that I have to configure pod also
I wanted to rely on this (https://kubernetes.io/docs/tasks/manage-hugepages/scheduling-hugepages/), but as 2) not working...
But in despite of whole things i've done, I could not make it.
If I'm following Microsoft documentation, my nodepool spawn like this:
"kubeletConfig": {
"allowedUnsafeSysctls": null,
"cpuCfsQuota": null,
"cpuCfsQuotaPeriod": null,
"cpuManagerPolicy": null,
"failSwapOn": false,
"imageGcHighThreshold": null,
"imageGcLowThreshold": null,
"topologyManagerPolicy": null
},
"linuxOsConfig": {
"swapFileSizeMb": null,
"sysctls": {
"fsAioMaxNr": null,
"fsFileMax": null,
"fsInotifyMaxUserWatches": null,
"fsNrOpen": null,
"kernelThreadsMax": null,
"netCoreNetdevMaxBacklog": null,
"netCoreOptmemMax": null,
"netCoreRmemMax": null,
"netCoreSomaxconn": null,
"netCoreWmemMax": null,
"netIpv4IpLocalPortRange": "32000 60000",
"netIpv4NeighDefaultGcThresh1": null,
"netIpv4NeighDefaultGcThresh2": null,
"netIpv4NeighDefaultGcThresh3": null,
"netIpv4TcpFinTimeout": null,
"netIpv4TcpKeepaliveProbes": null,
"netIpv4TcpKeepaliveTime": null,
"netIpv4TcpMaxSynBacklog": null,
"netIpv4TcpMaxTwBuckets": null,
"netIpv4TcpRmem": null,
"netIpv4TcpTwReuse": null,
"netIpv4TcpWmem": null,
"netIpv4TcpkeepaliveIntvl": null,
"netNetfilterNfConntrackBuckets": null,
"netNetfilterNfConntrackMax": null,
"vmMaxMapCount": null,
"vmSwappiness": null,
"vmVfsCachePressure": null
},
"transparentHugePageDefrag": "defer+madvise",
"transparentHugePageEnabled": "madvise"
But My node is still like that:
# kubectl describe nodes aks-deadpoolhp-31863567-vmss000000|grep hugepage
Capacity:
attachable-volumes-azure-disk: 16
cpu: 8
ephemeral-storage: 129901008Ki
hugepages-1Gi: 0
hugepages-2Mi: 0
memory: 32940620Ki
pods: 110
Allocatable:
attachable-volumes-azure-disk: 16
cpu: 7820m
ephemeral-storage: 119716768775
hugepages-1Gi: 0
hugepages-2Mi: 0
memory: 28440140Ki
pods: 110
My kube version is 1.16.15
I saw also that I should enable featuregate like this --feature-gates=HugePages=true (https://dev.to/dannypsnl/hugepages-on-kubernetes-5e7p) but I don't know how to make that in AKS... anyway As my node is not displaying any HugePage availability, i'm not sure it's useful for now.
I even try to recreate the aks cluster with a --kubeconfig, but everything remain the same: i cannot use HugePage...
Please I need your help again, i'm completely lost into this AKS service...

Install kubectl-node-shell on your laptop
curl -LO https://github.com/kvaps/kubectl-node-shell/raw/master/kubectl-node_shell
chmod +x ./kubectl-node_shell
sudo mv ./kubectl-node_shell /usr/local/bin/kubectl-node_shell
Get the nodes you want to get inside:
kubectl get pod <YOUR_POD> -o custom-columns=CONTAINER:.spec.nodeName -n <YOUR_NAMESPACE>
If node is NONE, that means your pod is in pending state. Pick up one random node:
kubectl get pod -n <YOUR_NAMESPACE>
Get inside your node:
kubectl node-shell <NODE>
Configure Hugepage:
mkdir -p /mnt/huge
mount -t hugetlbfs nodev /mnt/huge
echo 1024 > /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages
cat /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages
Restart kubelet (still in the node, yes):
systemctl restart kubelet
Exit from node-shell by C-d (Ctrl + d)
Check HugePage is ON (ie. Values must not be 0)
kubectl describe node <NODE>|grep -i -e "capacity" -e "allocatable" -e "huge"
Either check you pod not in pending state anymore, or launch your helm install/kubectl apply now!

Connection refused when connecting to the exposed port on docker container

Dockerfile looks like this:
FROM ubuntu:latest
LABEL Spongebob Dockerpants "s.dockerpants#comcast.net"
RUN apt-get update -y
RUN apt-get install -y python3-pip python3-dev build-essential
#Add source files
COPY . /app
ENV HOME=/app
WORKDIR /app
# Install Python web server and dependencies
RUN pip3 install -r requirements.txt
ENV FLASK_APP=app.py
# Expose port
EXPOSE 8090
#ENTRYPOINT ["python3"]
CMD ["python3", "app.py"]
CMD tail -f /dev/null
I started the container like this:
docker run --name taskman -p 8090:8090 -d task-manager-app:latest
I see the container running, and my localhost listening on 8090:
CORP\n0118236 # a-33jxiw0rv8is5 in ~/docker_pete/flask-task-manager on master*
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c1ac5cb27698 task-manager-app:latest "/bin/sh -c 'tail -f…" About a minute ago Up About a minute 0.0.0.0:8090->8090/tcp taskman
CORP\n0118236 # a-33jxiw0rv8is5 in ~/docker_pete/flask-task-manager on master*
$ sudo netstat -nlp | grep 8090
tcp6 0 0 :::8090 :::* LISTEN 1154/docker-proxy
I tried to reach 8090 on the container via localhost per the docker run command I issued, but get 'connection refused'
CORP\n0118236 # a-33jxiw0rv8is5 in ~/docker_pete/flask-task-manager on master*
$ curl http://localhost:8090
curl: (56) Recv failure: Connection reset by peer
I then inspected the port-binding, and it looks ok:
CORP\n0118236 # a-33jxiw0rv8is5 in ~/docker_pete/flask-task-manager on master*
$ sudo docker port c1ac5cb27698 8090
0.0.0.0:8090
When I do a docker inspect , I see this:
$ docker inspect c1ac5cb27698 | grep -A 55 "NetworkSettings"
"NetworkSettings": {
"Bridge": "",
"SandboxID": "7c2249761e4f48eef373c6744161b0709f312863c94fdc17138913952be698a0",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"8090/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8090"
}
]
},
"SandboxKey": "/var/run/docker/netns/7c2249761e4f",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "ea7552d0ba9e8f0c865fa4a0f24781811c7332a1e7473c48e88fa4dbe6e5e05d",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "cfb5be57fdeed8a08b1650b5706a00542c5249903ce33052ff3f0d3dab619675",
"EndpointID": "ea7552d0ba9e8f0c865fa4a0f24781811c7332a1e7473c48e88fa4dbe6e5e05d",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
I am able to ping the container from my localhost:
CORP\n0118236 # a-33jxiw0rv8is5 in ~/docker_pete/flask-task-manager on master*
$ ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=255 time=0.045 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=255 time=0.042 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=255 time=0.047 ms
^C
--- 172.17.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2053ms
rtt min/avg/max/mdev = 0.042/0.044/0.047/0.008 ms
Is there anything in the configuration that would be causing these connection refused? Is something wrong with the binding?

Your docker file contains two CMD line, but docker will only honor the latest one.
CMD ["python3", "app.py"]
CMD tail -f /dev/null
The actual command executed inside your container is the tail command, which doesn't bind and listen on the port. You can ping the container because the container is alive with the tail command.

Multicontainer Docker application failing on deploy

So I have a problem with deploying my application to elastic beanstalk at Amazon. My application is a multi-container Docker application that includes node server and mongoDB inside of it. Somehow the application crashes every time and I get this bizarre error from mongoDB.
Error is as follows:
18-05-28T12:53:02.510+0000 I CONTROL [initandlisten] ** WARNING: soft rlimits too low. rlimits set to 3867 processes, 32864 files. Number of processes should be at least 16432 : 0.5 times number of files.
2018-05-28T12:53:02.540+0000 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/data/db/diagnostic.data'
2018-05-28T12:53:02.541+0000 I NETWORK [initandlisten] waiting for connections on port 27017
2018-05-28T12:53:03.045+0000 I CONTROL [signalProcessingThread] got signal 15 (Terminated), will terminate after current cmd ends
2018-05-28T12:53:03.045+0000 I NETWORK [signalProcessingThread] shutdown: going to close listening sockets...
2018-05-28T12:53:03.045+0000 I NETWORK [signalProcessingThread] removing socket file: /tmp/mongodb-27017.sock
2018-05-28T12:53:03.045+0000 I FTDC [signalProcessingThread] Shutting down full-time diagnostic data capture
2018-05-28T12:53:03.047+0000 I STORAGE [signalProcessingThread] WiredTigerKVEngine shutting down
2018-05-28T12:53:03.161+0000 I STORAGE [signalProcessingThread] shutdown: removing fs lock...
2018-05-28T12:53:03.161+0000 I CONTROL [signalProcessingThread] now exiting
2018-05-28T12:53:03.161+0000 I CONTROL [signalProcessingThread] shutting down with code:0
This is my Dockerrun.aws.json file:
{
"AWSEBDockerrunVersion": 2,
"volumes":[
{
"name": "mongo-app",
"host": {
"sourcePath": "/var/app/mongo-app"
}
},
{
"name": "some-api",
"host": {
"sourcePath": "/var/app/some-api"
}
}
],
"containerDefinitions": [
{
"name": "mongo-app",
"image": "mongo:latest",
"memory": 128,
"portMappings": [
{
"hostPort": 27017,
"containerPort": 27017
}
],
"mountPoints": [
{
"sourceVolume": "mongo-app",
"containerPath": "/data/db"
}
]
},
{
"name": "server",
"image": "node:8.11",
"memory": 128,
"portMappings": [
{
"hostPort": 80,
"containerPort": 8001
}
],
"links": [
"mongo-app"
],
"mountPoints":[
{
"sourceVolume": "some-api",
"containerPath": "/some-data"
}
]
}
]
}
And this is my Dockerfile:
FROM node:8.11
RUN mkdir -p /api
WORKDIR /api
COPY package.json /api
RUN cd /api && npm install
COPY . /api
EXPOSE 8001
CMD ["node", "api/app.js"]
Any Ideas why the application is crashing and does not deploy? It seems to me that the mongoDB is causing the problem but I cant understand or find the root of the problem.
Thank you in advance!

I spent a while trying to figure this out as well.
The solution: Add a mountpoint for "containerPath": "/data/configdb". Mongo expects to be able to write to both /data/db and /data/configdb.
Also, you might want to bump up "memory": 128 for Mongo to something higher.