
Re: Gear link from container localhost to host localhost address



On 30 June 2014 16:24, Clayton Coleman <ccoleman redhat com> wrote:
<snip>
> Can you look at journalctl -u ctr-<name_of_container> and see whether you're getting a permission denied error from the "gear" command that runs in ExecPostStart (which is what sets up the links)?  If you use "127.0.0.1" or "localhost" as the ToHost, we'll map that to the first "up" and non loopback interface we find in the device list.  When we find one, we print "Using <ip> for 127.0.0.1" from the gear command.  If you don't see that, you'll see an error.

Thanks for the quick reply Clayton,

On my machine `journalctl -u ...` doesn't seem to report anything. But
`gear status ...` does, so here's the output.

```
(flocker-150)[vagrant localhost vagrant]$ journalctl -u ctr-382066406885
-- Logs begin at Mon 2014-05-19 01:06:05 BST, end at Mon 2014-06-30 15:21:27 BST. --
```

```
(flocker-150)[vagrant localhost vagrant]$ sudo gear status 382066406885
container_status: Unable to fetch container status logs: exit status 3
ctr-382066406885.service - Container 382066406885
   Loaded: loaded (/var/lib/containers/units/38/ctr-382066406885.service; enabled)
   Active: failed (Result: exit-code) since Mon 2014-06-30 16:35:57 BST; 33s ago
  Process: 10329 ExecStop=/usr/bin/docker stop 382066406885 (code=exited, status=1/FAILURE)
  Process: 10239 ExecStartPost=/usr/bin/gear init --post 382066406885 flocker/send_xxx_to_31337 (code=exited, status=0/SUCCESS)
  Process: 10238 ExecStart=/usr/bin/docker run --rm --name 382066406885 --volumes-from 382066406885-data -a stdout -a stderr flocker/send_xxx_to_31337 (code=exited, status=1/FAILURE)
  Process: 10226 ExecStartPre=/usr/bin/docker rm 382066406885 (code=exited, status=1/FAILURE)
  Process: 10176 ExecStartPre=/bin/sh -c /usr/bin/docker inspect --format="Reusing {{.ID}}" "382066406885-data" || exec docker run --name "382066406885-data" --volumes-from "382066406885-data" --entrypoint /bin/true "flocker/send_xxx_to_31337" (code=exited, status=0/SUCCESS)
 Main PID: 10238 (code=exited, status=1/FAILURE)

Jun 30 16:35:53 localhost.localdomain gear[10239]: user: unknown user ctr-382066406885
Jun 30 16:35:54 localhost.localdomain gear[10239]: Updating network namespaces for 10284
Jun 30 16:35:54 localhost.localdomain gear[10239]: Using 10.0.2.15/24 for 127.0.0.1
Jun 30 16:35:54 localhost.localdomain gear[10239]: Mapping 172.17.0.61(127.0.0.1):31337 -> 10.0.2.15:55590
Jun 30 16:35:54 localhost.localdomain systemd[1]: Started Container 382066406885.
Jun 30 16:35:55 localhost.localdomain docker[10238]: nc: can't connect to remote host (127.0.0.1): Connection refused
Jun 30 16:35:57 localhost.localdomain systemd[1]: ctr-382066406885.service: main process exited, code=exited, status=1/FAILURE
Jun 30 16:35:57 localhost.localdomain docker[10329]: Error: No such container: 382066406885
Jun 30 16:35:57 localhost.localdomain docker[10329]: 2014/06/30 16:35:57 Error: failed to stop one or more containers
Jun 30 16:35:57 localhost.localdomain systemd[1]: Unit ctr-382066406885.service entered failed state.
```

You can see that the mapping appears to be set up correctly but that
nc receives a connection refused error.

The Dockerfile for the image that I'm using looks like this...

```
FROM busybox
CMD ["/bin/sh",  "-c", "sleep 1 && echo 'xxx' | nc 127.0.0.1 31337"]
```

It's ugly, but I've had to add the sleep because otherwise (my theory
is) gear doesn't have time to set up the necessary iptables rules
in the container. If my theory is wrong or if there's a way to delay
the running of the Docker CMD until the links have been created, I'd
be interested to hear.

This is all for the purpose of a functional test and we have a socket
set up on the host listening for incoming connections and then
asserting the bytes received on the first connection.

Hope that all makes sense.

-RichardW.
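
An alternative to the fixed `sleep 1` in the Dockerfile above, as an added example that is not part of the original message or of geard: retry the connection until it succeeds or a deadline passes, so the container exits non-zero with a clear message if the link never becomes usable. It does not detect when the links are created; it only retries. The names `wait_for`, `send_payload` and the path `/send.sh` are hypothetical.

```sh
#!/bin/sh
# Added example: bounded retry in place of a fixed "sleep 1".
# Plain POSIX sh, so it also runs under busybox sh.

# wait_for <timeout_seconds> <command> [args...]
# Runs the command once per second until it exits 0.
# Returns 0 on success, 1 if the timeout is reached first.
wait_for() {
    wf_timeout=$1
    shift
    wf_waited=0
    until "$@"; do
        if [ "$wf_waited" -ge "$wf_timeout" ]; then
            echo "wait_for: gave up after ${wf_waited}s: $*" >&2
            return 1
        fi
        sleep 1
        wf_waited=$((wf_waited + 1))
    done
    return 0
}

# The probe from the Dockerfile: send 'xxx' to the linked port.
# The pipeline's exit status is nc's, which is non-zero when the
# connection is refused (as in the "gear status" output above).
send_payload() {
    echo 'xxx' | nc 127.0.0.1 31337
}

# Assumed usage in the image, with this file added as /send.sh:
#   CMD ["/bin/sh", "-c", ". /send.sh && wait_for 10 send_payload"]
```

Because each failed attempt is a refused connection, the host-side listener still sees the payload only once, on the first connection that is accepted.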
