I was following the process mention on the azure site to create a docker machine in azure.
The docker was able to create the necessary components in Azure but comes back with the message of
No connection could be made because the target machine actively refused it.
Building the docker image or simply trying to query it with docker images returns this message.
I suspect that the IP Address assigned is not made public although it is configured in Azure. .
This is probably not docker related but to the Azure configuration. How does one ensure the IPAddress here is accessible and connectable externally?
Related
There is an intermittent issue while downloading docker images in a Linux VM. As per docker service journalctl logs I can see below error-
level=error msg="Handler for POST /images/create returned error: Get
"https://<containerregistry>": dial tcp: lookup
https://<containerregistry>: device or resource busy".
Initialy I thought it could be intermittent connectivity issue with container registry (Azure Container Registry) but that is not the case since even with retries at different time periods I got the same error.
I have checked the docker daemon.json config and don't see any issue with that. I also verified DNS servers in systemd-resolve and can see the expected IPs as required. Interestingly, another VM with same configs works fine.
I am using .Net Client for Docker Remote API (https://github.com/dotnet/Docker.DotNet) to trigger docker image updates. The client is hosted in a Linux VM which is triggered by via socket as an RPC call. It reaches the client and executes the API ImageOperation.CreateImageAsync.
Can someone help with this? Please let me know if I can add more details.
• Regarding the error that you are encountering, I would suggest you to please check the azure container registry health first by executing the below command: -
az acr check-health --name registryname --vnet virtualnetworkname
Then, check the internet upload and download speed through ‘AzureSpeed’ tool to the container registry which hosts the images layers. Also, it may be that the image size may not be supported for the registry service tier due to which it is not available.
• Ensure that both your ‘docker client’ and ‘docker daemon’ are configured for proxy behavior behind HTTPS proxy. If you have changed or updated any proxy settings, kindly ensure to restart the daemon service.
• Check the ‘Registry resource logs in the ContainerRegistryLoginEvents table’ for further diagnosis of an attempted connection. Also, check whether the registry is accessible over the internet and allow access to the public registry endpoints from all networks. If the container registry is configured for selected virtual network with a service endpoint, then disabling public network access also disables access over the service endpoint.
• If a private endpoint is configured for the container registry, confirm that the DNS resolves the registry's public FQDN such as myregistry.azurecr.io to the registry's private IP address. Use a network utility such as ‘dig’ or ‘nslookup’ for DNS lookup. Ensure that DNS records are configured for the registry FQDN and for each of the data endpoint FQDNs as per the below documentation link: -
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-private-link#dns-configuration-options
• If a service endpoint to the registry is configured, confirm that a network rule is added to the registry that allows access from that network subnet. Also, ensure that the resource provider for Azure Container Registry is registered.
For more details regarding the further steps to take to perform regarding the error that you have encountered, kindly refer to the documentation link below: -
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-troubleshoot-access#configure-service-access
Context:
Windows host (with up-to-date Docker For Windows).
Linux-based container running on said host.
MySQL database running on Azure (and not in a container).
When running the container it is impossible to ping the Azure database (let alone query it). The message indicates that it cannot find a route to {azure db IP}.
However I can easily access a database on my Windows host local network. I can also access the internet, for example to download ping tools on my container.
My Windows host can ping and query the Azure database.
I've tried messing with Docker ip configuration (in the visual application) as well as going into the container at run time and changing its ip address since Docker default address is in the same subnet as Azure.
I've even tried switching the virtual commutator on the hyper-v machine but Docker seems to recreate those configurations when restarting.
How can my container successfully route to an azure network?
Thank you for your advice and help.
Azure Container Services has the option now to run in containers.
To register the billing you have to give your API key + Billing URL.
Even though I configured everything correctly and the service works locally, my calls are not registered as quoata's.
PS: Dont try to run the container without an internet connection, it will block the calls then ;)
Willem,
Here's what I think is going on: The problem is the linux container host picks an IP address range for the container that includes the IP addresses of your local DNS servers. This makes it impossible for the container to resolve names as requests for that range just end up on the local container network and won't go to the DNS servers.
The problem is described in this entry along with several solutions. The best solution seems to be at the very bottom which is also described in the docker documentation. The short version of this is to update the routing table on the host with the reserved IP range so that docker won’t pick it for the container.
Hope this helps,
Henrik
I'm new in AWS and EC2, I created a very simple hello world node.js application and dockerized it and I'm able to access the api route from within the container in my local machine, then I deployed the docker image to the docker hub and pulled that image from an EC2 instance and ran the image the docker logs shows that container is running fine.
Then from the EC2 instance information I get the
IPv4 Public IP xx.xxx.x.xxx
From the browser I try going to http://xx.xxx.x.xxx:8080/
but it times out and can't be reached, I'm expecting to see the hello world.
wonder if I'm missing any thing?
You probably haven't whitelisted your IP! AWS resources by default will block unknown incoming requests. To allow your machine to access to the EC2 you have to add it's IP address to your EC2's security group.
I've a simple problem that I provisioned a Ubuntu 16.04 LTS VM with all of its default components. I ssh into the machine, installed Docker and expose a web app container at the port 80 where a simple static web app is running. But the problem is I can't access the application from the public ip address in the browser that has been created as a separate resource with ARM model. I also assigned a named DNS but could not work :(. I have a stand alone VM.
I previously tried Docker on Ubuntu Server Azure service where I need to configure VM's endpoints in the classical way and the same application was up and running. But how do I do that in a stand alone Ubuntu VM using ARM?
For ARM you need to configure Network Security Groups, instead of Endpoints.
You would want to allow traffic on port 80 to the VM. Here's the link to the documentation. And link to a guide on how to do that with Portal.