Access to a published, exposed port is refused from another container on the same Docker network

I cannot connect to a container on the lonelyisland network from another container on the same network.

docker run --rm --name spaceship --net lonelyisland --expose 8080 -p 8080:8080 --ip 172.18.0.8 quay.io/ahoi/spaceship:latest target/release/spaceship

As far as I understand, -p is not necessary, nor is --expose given the Dockerfile.

The application works fine even without Docker, so it must be related to Docker (networking).

The curl-based test setup is as follows:

docker run --rm -it --name "curl-test" --net lonelyisland fedora:latest /bin/bash

Setting up test-curl

[root@52ac28b36b93 /]# dnf install iproute iputils
Fedora 24 - x86_64                                             54 MB/s |  47 MB     00:00    
Fedora 24 - x86_64 - Updates                                   54 MB/s |  21 MB     00:00    
Last metadata expiration check: 0:00:12 ago on Fri Feb 24 06:19:26 2017.
Dependencies resolved.
==============================================================================================
 Package                  Arch             Version                    Repository         Size
==============================================================================================
Installing:
 iproute                  x86_64           4.4.0-3.fc24               fedora            658 k
 iputils                  x86_64           20160308-3.fc24            updates           157 k
 linux-atm-libs           x86_64           2.5.1-14.fc24              fedora             40 k

Transaction Summary
==============================================================================================
Install  3 Packages

Total download size: 854 k
Installed size: 1.9 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): linux-atm-libs-2.5.1-14.fc24.x86_64.rpm                4.1 MB/s |  40 kB     00:00    
(2/3): iputils-20160308-3.fc24.x86_64.rpm                      12 MB/s | 157 kB     00:00    
(3/3): iproute-4.4.0-3.fc24.x86_64.rpm                         22 MB/s | 658 kB     00:00    
----------------------------------------------------------------------------------------------
Total                                                         752 kB/s | 854 kB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : linux-atm-libs-2.5.1-14.fc24.x86_64                                       1/3 
  Installing  : iproute-4.4.0-3.fc24.x86_64                                               2/3 
  Installing  : iputils-20160308-3.fc24.x86_64                                            3/3 
Failed to connect to bus: No such file or directory
  Verifying   : iproute-4.4.0-3.fc24.x86_64                                               1/3 
  Verifying   : linux-atm-libs-2.5.1-14.fc24.x86_64                                       2/3 
  Verifying   : iputils-20160308-3.fc24.x86_64                                            3/3 

Installed:
  iproute.x86_64 4.4.0-3.fc24                      iputils.x86_64 20160308-3.fc24             
  linux-atm-libs.x86_64 2.5.1-14.fc24             

Complete!

Verify that we have the correct IP subnet:

[root@52ac28b36b93 /]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
35: eth0@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe12:3/64 scope link 
       valid_lft forever preferred_lft forever

On the first attempt I forgot to start the container:

[root@52ac28b36b93 /]# curl -v 172.18.0.8:8080/
*   Trying 172.18.0.8...
* connect to 172.18.0.8 port 8080 failed: No route to host
* Failed to connect to 172.18.0.8 port 8080: No route to host
* Closing connection 0
curl: (7) Failed to connect to 172.18.0.8 port 8080: No route to host

Here the container I want to connect to is up and running; this is the actual problem I am facing:

[root@52ac28b36b93 /]# curl -v 172.18.0.8:8080/
*   Trying 172.18.0.8...
* connect to 172.18.0.8 port 8080 failed: Connection refused
* Failed to connect to 172.18.0.8 port 8080: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 172.18.0.8 port 8080: Connection refused
[root@52ac28b36b93 /]# 

The network looks like this:

docker network inspect lonelyisland
[
    {
        "Name": "lonelyisland",
        "Id": "2bab66f7ba770cc4866afe1322ebf82985b078c614404333119bb54c5535b444",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Containers": {
            "1c2522ee9f06ec1d20a827ac0d8f2037081d0b7d25008057d016d0d1ba31b24c": {
                "Name": "spaceship",
                "EndpointID": "d18eaf2141c60e683e73967674c8d4f701793d9143480c5ad40c151be4464024",
                "MacAddress": "02:42:ac:12:00:08",
                "IPv4Address": "172.18.0.8/16",
                "IPv6Address": ""
            },
            "82cc532808d815236b638448a0c4b00c1dae44570d36837e314d5d6b05a7ff22": {
                "Name": "curl-test",
                "EndpointID": "cfd4a8e203980a6a848938a021d04631ade8d3724dc0af5f9027096bf894e0fb",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true"
        },
        "Labels": {}
    }
]

The iptables rules Docker created:

sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-ISOLATION  all  --  anywhere             anywhere            
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (2 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.18.0.8           tcp dpt:http-alt

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere 

Any hints/ideas?

Answer 1

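So I started digging layer by layer and finally arrived at the base image, fedora:24. I entered the container with a bash shell, started the application and ran curl from there. It did not work either. For some odd reason the application does not work in that container; I tried a different base image (the current version in git). It worked fine. So everything above is fine.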
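Added example, not part of the original question or answer: "No route to host" in the first curl run means 172.18.0.8 was unreachable, while "Connection refused" usually means the address answered but nothing accepted connections on port 8080. The sketch below reads /proc/net/tcp-format text inside the target container and reports whether a listener exists on a port and how it is bound; the function name, sample names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the LISTEN socket for a TCP port from
# /proc/net/tcp-format text on stdin (IPv4 and IPv6 tables both work).
# Inside the target container:
#   cat /proc/net/tcp /proc/net/tcp6 | listener_scope 8080
listener_scope() {
    awk -v want="$(printf '%04X' "$1")" '
        $4 == "0A" {                      # state 0A = LISTEN; header rows have "st" here
            n = split($2, a, ":")         # local_address is HEXADDR:HEXPORT
            if (n != 2 || toupper(a[2]) != want) next
            addr = toupper(a[1]); found = 1
            if (addr ~ /^0+$/) wildcard = 1                  # 0.0.0.0 or ::
            else if (length(addr) == 8 && substr(addr, 7, 2) == "7F")
                loopback = 1                                 # 127.x.x.x (bytes are little-endian)
            else if (addr == "00000000000000000000000001000000")
                loopback = 1                                 # ::1
            else specific = 1
        }
        END {
            if (!found)        print "none"
            else if (wildcard) print "all-interfaces"
            else if (specific) print "specific-address"
            else               print "loopback-only"
        }'
}

# Constructed sample tables, truncated to the four columns the function reads.
HDR='  sl  local_address rem_address   st'
sample_loopback() {   # listener bound to 127.0.0.1:8080
    printf '%s\n' "$HDR" '   0: 0100007F:1F90 00000000:0000 0A'
}
sample_wildcard() {   # listener on 0.0.0.0:8080 plus one established connection
    printf '%s\n' "$HDR" '   0: 00000000:1F90 00000000:0000 0A' \
                         '   1: 080012AC:1F90 030012AC:C350 01'
}
sample_none() {       # only port 80 is listening
    printf '%s\n' "$HDR" '   0: 00000000:0050 00000000:0000 0A'
}

for s in sample_loopback sample_wildcard sample_none; do
    printf '%s: %s\n' "$s" "$($s | listener_scope 8080)"
done
```

A result of none or loopback-only points at the application or its image rather than at the Docker network or the iptables rules.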
