Cannot ping docker container from the host machine - linux

I created a docker container from the docker image centos:7, and started it through the following command:
docker run -h centos -it CONTAINER_ID
You can see that I gave it the hostname centos, so it should work if I ping the docker container from my host machine.
ping centos
Well, it didn't work. I got the following error.
ping: centos: Name or service not known
However, it worked if I changed the hostname to the IP address of the docker container.
> ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.042 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.037 ms
Since the IP address is not as reliable as the hostname, I would like to know how I can ping my docker container via hostname.

If you want to reach your container via hostname, you need to add the respective IP in /etc/hosts on your host computer. As Docker does not modify anything on the host you have to do this manually.
echo "$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' centos) centos" >> /etc/hosts
Instead, I would advise mapping the required container ports on the host (using -p <local-port>:<container-port>).

Related

Resolve docker container IP from host OS using container name

I have a non-containerized nginx instance serving as reverse proxy for containerized as well as non-containerized services.
Since container IPs can change on reboot, I don't want to use them in the nginx config file. I was looking for a simple way to reference the containers.
Docker containers can reference each other by container name i.e. DNS lookup of container names gives container's IP. I was looking for something similar but names should be resolvable from host OS.
Constraints:
Solution should work with existing containers. So no docker run ... commands
I have tried mageddo/dns-proxy-server. It is supposed to resolve container names but it does not even after setting the right environment variables.
sudo docker run -d \
--restart unless-stopped \
--name dns-proxy-server \
-p 5380:5380 \
-e MG_REGISTER_CONTAINER_NAMES=true \
--hostname dns.mageddo \
-v /opt/dns-proxy-server/conf:/app/conf \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /etc/resolv.conf:/etc/resolv.conf defreitas/dns-proxy-server
PS: Though nginx is taken as an example, the DNS lookup feature is helpful in many other scenarios. So I am looking for DNS lookup solution and not simply a fix for the nginx issue.
There is a solution which you can implement. Start the DNS server first.
docker run --rm --hostname dns.mageddo --name dns-proxy-server -p 5380:5380 \
-v /opt/dns-proxy-server/conf:/app/conf \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /etc/resolv.conf:/etc/resolv.conf \
defreitas/dns-proxy-server
Then run a test container to test the hostname
docker run --hostname test.intranet nginx
Testing it
ping test.intranet
PING test.intranet (172.18.0.3) 56(84) bytes of data.
64 bytes from 172.18.0.3 (172.18.0.3): icmp_seq=1 ttl=64 time=0.072 ms
64 bytes from 172.18.0.3 (172.18.0.3): icmp_seq=2 ttl=64 time=0.050 ms
64 bytes from 172.18.0.3 (172.18.0.3): icmp_seq=3 ttl=64 time=0.052 ms
64 bytes from 172.18.0.3 (172.18.0.3): icmp_seq=4 ttl=64 time=0.046 ms
Processes outside of Docker can't access the Docker DNS system; except for one specific configuration they can't access the container-private IPs either.
Instead you can publish ports out of your containers using the docker run -p option or Compose ports: option. A port number you specify will be stable, and will survive across container restarts. If you don't want the port to be directly accessible off-host, you can limit it to only being accessible from the host's loopback interface.
# port 8001 reaches this container, only on the host's loopback interface
docker run -d --name backend \
  -p 127.0.0.1:8001:3000 \
  ...
location /backend/ {
  proxy_pass http://localhost:8001/;
}
If it's important for your nginx configuration to use the Docker-internal DNS, you can run the nginx proxy inside Docker too.
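An added example, not part of the original answer: a check that classifies each published port by the address it is bound to, so a loopback-only binding like the one above can be told apart from a wildcard bind. The sample is a constructed copy of the .NetworkSettings.Ports object from docker inspect; the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample: the .NetworkSettings.Ports object that
# `docker inspect` prints for a container (values are illustrative).
SAMPLE_PORTS = json.loads("""
{
  "3000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8001"}],
  "443/tcp":  [{"HostIp": "0.0.0.0", "HostPort": "1443"},
               {"HostIp": "::", "HostPort": "1443"}],
  "9000/tcp": null
}
""")


def classify_bindings(ports):
    """Return sorted (container_port, host_ip, host_port, scope) tuples.

    scope is 'loopback' when only the host itself can connect,
    'all-interfaces' for wildcard binds (0.0.0.0, :: or empty HostIp),
    and 'specific' for a bind to one non-loopback address.
    Ports that are exposed but not published (null) are skipped.
    """
    findings = []
    for container_port, bindings in ports.items():
        for b in bindings or []:
            host_ip = b.get("HostIp", "")
            if host_ip == "":
                scope = "all-interfaces"
            else:
                addr = ipaddress.ip_address(host_ip)
                if addr.is_unspecified:
                    scope = "all-interfaces"
                elif addr.is_loopback:
                    scope = "loopback"
                else:
                    scope = "specific"
            findings.append((container_port, host_ip, int(b["HostPort"]), scope))
    return sorted(findings)


def off_host_reachable(ports):
    """Published ports that other machines can reach (firewall permitting)."""
    return [f for f in classify_bindings(ports) if f[3] != "loopback"]


if __name__ == "__main__":
    for port, ip, host_port, scope in classify_bindings(SAMPLE_PORTS):
        print(f"{port:10} -> {ip or '*'}:{host_port:<6} {scope}")
```

On a live host the same functions can be fed the JSON printed by docker inspect -f "{{json .NetworkSettings.Ports}}" for a given container.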

container is not able to access other container port

I have a container that runs jupyter-hub on 443 and mapped to 1443 on the host. I'm trying to run this server behind the apache in another container. But, the two containers are not able to talk to each other.
I have tried setting the iptables for each container, but no use.
sudo iptables -A INPUT -m state -s 172.17.0.2 --state NEW -mtcp -p tcp --dport 1443 -j ACCEPT
172.17.0.2 is the IP of jupyterhub container.
You need to create a user defined network which allows containers to talk with each other.
When you do docker run, provide the network parameter with your user defined network.
Please see a simple example below.
docker network create --driver bridge my_custom_network
docker run --network=my_custom_network -itd --name=container1 busybox
docker run --network=my_custom_network -itd --name=container2 busybox
docker attach container2
/ # ping container1
PING container3 (172.19.0.2): 56 data bytes
64 bytes from 172.19.0.2: seq=0 ttl=64 time=0.113 ms
64 bytes from 172.19.0.2: seq=1 ttl=64 time=0.147 ms
64 bytes from 172.19.0.2: seq=2 ttl=64 time=0.146 ms
64 bytes from 172.19.0.2: seq=3 ttl=64 time=0.146 ms
The link below provides more details:
https://docs.docker.com/v17.09/engine/userguide/networking/#user-defined-networks
The problem of the 2 containers not being able to talk to each other is due to the fact that they are not in the same docker network. Here is what you have to do:
List all the available networks: docker network ls
Find out which network the apache container is running in
docker inspect <apache_container_id> -f "{{json .NetworkSettings.Networks }}"
If the apache container is in the host network, create a new network and attach it to that container
docker network create apache_network
docker network connect apache_network <apache_container_id>
Launch your jupyter-hub container in that same network docker run ... --network apache_network ...
The 2 containers will now be able to talk to each other using their container name.
Try to use the DNS and not IP when dealing with containers as IP may change quite frequently.

ping command not working in CentOS

ping google.com
ping: google.com: Name or service not know
Above is the error I am getting when using the ping command in CentOS 7.
Please share your thoughts what might be wrong here.
You can use nmtui to connect network, then everything will be fine.
From the issue you are facing, I can tell that DNS is not working and your machine is not able to resolve the domain name.
One way to quick fix this issue is to run below command:
..# dhclient
..# ping google.com
The dhclient command reconfigures your network settings and it might require root privilege to execute this command.
The results of both ping and wget indicate that your computer is unable to reach a DNS Server in order to resolve the hostname google.com. This isn't an error with ping, but rather a problem with the internet connection on your machine.
Try to ping the Google name servers: 8.8.8.8 or 8.8.4.4. If this works, your routing and basic networking is functioning; if not, see https://www.networkworld.com/article/2693416/unix-networking-basics-for-the-beginner.html
I think that the first thing to try is
$ ping -c 3 localhost # -c 3 limits the number of pings to 3
if that produces a result something like this:
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.138 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.102 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.105 ms
then ping is installed and working in principle. If not, then the problem is either that your ether port is not active or connected (see other posts using 'nmtui' to set your port coordinates) or ping is either not installed or broken. In these latter cases I am not sure what to suggest.

ping, ssh, ... uses different IP than one resolved by nslookup, host,

After a new install of Ubuntu 15.10 my commands (ping, ssh, ...) are using a different IP address than the one resolved by nslookup, host, dig, ...
How could this happen?
user@ubuntu-15-10:~$ nslookup foobar.com
Server: 127.0.1.1
Address: 127.0.1.1#53
Non-authoritative answer:
foobar.com canonical name = foobar.homeip.net.
Name: foobar.homeip.net
Address: 12.34.56.78
user@ubuntu-15-10:~$ host foobar.com
foobar.com is an alias for foobar.homeip.net.
foobar.homeip.net has address 12.34.56.78
user@ubuntu-15-10:~$ ping foobar.com
PING foobar.com (192.168.1.3) 56(84) bytes of data.
64 bytes from foobar.localdomain.home (192.168.1.3): icmp_seq=1 ttl=64 time=0.245 ms
64 bytes from foobar.localdomain.home (192.168.1.3): icmp_seq=2 ttl=64 time=0.285 ms
64 bytes from foobar.localdomain.home (192.168.1.3): icmp_seq=3 ttl=64 time=0.269 ms
^C
--- foobar.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.245/0.266/0.285/0.021 ms
user@ubuntu-15-10:~$
My /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search localdomain.home
My /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] wins dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
No entry for foobar.com in /etc/hosts
Anyone any idea?
I found a fix myself after some investigation...
Problem was in /etc/nsswitch.conf:
at "hosts" line: "dns" entry should be before "wins" entry...
I don't understand what's behind, however now it works like expected
Sorry, the server configured is some strange fake server, probably at your own machine. The server address [127.0.1.1] is normally reserved for localhost interfaces (this is strange, as the localhost address is actually 127.0.0.1, and not 127.0.1.1)
The most probable cause of the different responses you are receiving is that nslookup(1) is a BIND utility to test dns access (it only uses dns lookups), while ping(1) uses the gethostbyname(3) library routine (which considers all possibilities configured in the /etc/nsswitch.conf file for information on how to proceed; in this case, the dns part is the last resort).
On the other hand, the actual address of host foobar.com is not that one (see below).
Finally, the address of foobar.com resolved by ping(1), as shown in your output, is a private address (not the actual one, see RFC-1918); you cannot find that host over the internet.
The most probable thing is that you have not asked for dns resolution to any official internet nameserver, so everything is a matter of local dns configuration.
Possible causes of the difference:
mdns4_minimal is some fake program that doesn't ask the actual nameserver.
dns is the last option in the /etc/nsswitch.conf, so official DNS protocol goes last (when all other protocols have failed)
your dns is not listening in address 127.0.1.1 and you have some ssh port redirection or tunnel to some other nameserver giving the wrong answers. The address 127.0.1.1 is normally used by the tap* network device when used for example to configure openvpn(1) client connections.
You have not shown the nameserver config files running at your machine. Perhaps the origin of the address you get is there. Look for named(8) config files and search for the domain foobar.com in those config files.
None of the addresses you have shown is a real internet address (127.0.0.0/8, 10.0.0.0/8, 172.16-31.0.0/16, 192.168.0-255.0/24 and 169.254.0.0/16 are all reserved internet addresses for one reason or another, and you won't see any of these addresses appearing on packets coming from the internet). The reasons are diverse, but the fact is that all your traffic is local in your private network and nothing, except perhaps the nameserver running at your machine, has internet access.
Sorry, but with the information you provide, this is all I can offer to try to solve your error.
Something you can do is the following (to get a clean dns resolution):
configure dns after files in /etc/nsswitch.conf. (This will give dns priority over the mdns4_minimal and wins resolution.)
configure nameserver <ip> with the actual addresses of your nameservers (They should be communicated to you by your internet provider. If you don't know what to put there, just try nameserver 8.8.8.8 which means use the google nameserver to solve addresses. Fortunately, it is open to everybody)
These steps will make dns resolution bypass your local nameserver completely and you'll get something like
$ nslookup foobar.com
Server: 46.183.73.1
Address: 46.183.73.1#53
Non-authoritative answer:
Name: foobar.com
Address: 69.89.31.56
$ ping foobar.com
PING foobar.com (69.89.31.56): 56 data bytes
64 bytes from 69.89.31.56: icmp_seq=0 ttl=50 time=173.196 ms
64 bytes from 69.89.31.56: icmp_seq=1 ttl=50 time=175.091 ms
64 bytes from 69.89.31.56: icmp_seq=2 ttl=50 time=208.612 ms
64 bytes from 69.89.31.56: icmp_seq=3 ttl=50 time=177.145 ms
^C
--- foobar.com ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 173.196/183.511/208.612/14.559 ms
$ _
If you have installed ubuntu and didn't configure internet connection at installation, the most probable cause is that it has configured dns locally with a fake database that allows you to make experiments, before configuring it for real internet access.
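An added example, not part of the original posts: a small model of how the hosts: line in /etc/nsswitch.conf orders lookups for ping and ssh, which is why they can disagree with nslookup (which asks DNS only). The per-source results are constructed to match the question's output; that wins supplied 192.168.1.3 and that mdns4_minimal reports UNAVAIL for a non-.local name are assumptions, and the function names are hypothetical.

```python
import re

# glibc's default reaction to each lookup status: stop on SUCCESS, else go on.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts_line(line):
    """Parse an nsswitch.conf 'hosts:' line into [(source, actions), ...]."""
    database, _, rest = line.partition(":")
    if database.strip() != "hosts":
        raise ValueError("not a hosts: line")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action item with no source before it")
        for item in token[1:-1].split():      # e.g. NOTFOUND=return
            status, _, action = item.upper().partition("=")
            negated = status.startswith("!")  # [!UNAVAIL=return] form
            for s in DEFAULTS:
                if (s != status[1:]) if negated else (s == status):
                    chain[-1][1][s] = action.lower()
    return chain

def resolve(chain, answers):
    """Walk the chain the way getaddrinfo()/gethostbyname() callers see it.
    answers maps source -> (status, address); a missing source is UNAVAIL."""
    for source, actions in chain:
        status, address = answers.get(source, ("UNAVAIL", None))
        if actions[status] == "return":
            return (source, address) if status == "SUCCESS" else (None, None)
    return (None, None)

def sources_before_dns(chain):
    """Non-file sources that get to answer before DNS is ever asked."""
    names = [source for source, _ in chain]
    cut = names.index("dns") if "dns" in names else len(names)
    return [n for n in names[:cut] if n != "files"]

# Constructed per-source results for foobar.com, matching the question's
# output. Assumptions: wins supplied 192.168.1.3 (consistent with the asker's
# fix) and mdns4_minimal reports UNAVAIL because the name is not under .local.
ANSWERS = {"files": ("NOTFOUND", None), "mdns4_minimal": ("UNAVAIL", None),
           "wins": ("SUCCESS", "192.168.1.3"), "dns": ("SUCCESS", "12.34.56.78")}
ASKED = "hosts: files mdns4_minimal [NOTFOUND=return] wins dns"
FIXED = "hosts: files mdns4_minimal [NOTFOUND=return] dns wins"

if __name__ == "__main__":
    for line in (ASKED, FIXED):
        print(line, "->", resolve(parse_hosts_line(line), ANSWERS))
```

sources_before_dns() lists the services that can answer a name before DNS is consulted, which is the thing to review when a host resolves a public name to an unexpected local address.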

slow or timeout of dns resolving inside docker

On the host machine, it's very fast to look up a domain. But inside a docker container, it's much slower and sometimes times out.
The host machine is a virtual host, and its dns server address is 127.0.0.1 (weird but true). So I've tried to modify /etc/resolv.conf inside the container and set the dns server to be 172.x (the host's address). As a result, I didn't see any good effect.
I've also tried to set the container's dns server to be a self-built one (101.x), but still, it's slow to look up a domain. Another weird thing is that ping 101.x is very fast.
I'm confused about this phenomenon. Can anyone explain and help?
I am not sure why resolving DNS is slow in the containers, but I have a procedure which I follow to resolve the DNS in the docker containers.
To verify DNS resolution issue:
# docker run busybox nslookup google.com
Server: 8.8.8.8
Address 1: 8.8.8.8
nslookup: can't resolve 'google.com'
Find out the DNS server used on your machine:
# nm-tool |grep DNS
DNS: 172.24.100.50
DNS: 10.1.100.50
Run it again using DNS IP found in the above step which resolves the DNS issue:
# docker run --dns 172.24.100.50 busybox nslookup google.com
Server: 172.24.100.50
Address 1: 172.24.100.50 indc01.radisys.com
Name: google.com
Address 1: 2607:f8b0:4009:80c::200e ord36s01-in-x0e.1e100.net
Address 2: 172.217.4.110 ord36s04-in-f14.1e100.net
To resolve it permanently add the following content as below to a new file:
root@labadmin-VirtualBox:/home/labadmin# cat /etc/docker/daemon.json
{
"dns" : ["172.24.100.50", "8.8.8.8"]
}
More info on Docker DNS configuration.
Restart the docker service and verify it again:
# docker run busybox nslookup google.com
Server: 172.24.100.50
Address 1: 172.24.100.50 indc01.radisys.com
Name: google.com
Address 1: 2607:f8b0:4009:801::200e ord30s31-in-x0e.1e100.net
Address 2: 172.217.4.238 ord30s31-in-f14.1e100.net
Check it by running the container:
# docker run -it e02e811dd08f
/ # ping google.com
PING google.com (172.217.4.238): 56 data bytes
64 bytes from 172.217.4.238: seq=0 ttl=47 time=251.506 ms
64 bytes from 172.217.4.238: seq=1 ttl=47 time=245.621 ms
Hope this helps.
