[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Gear link from container localhost to host localhost address




----- Original Message -----
> On 30 June 2014 16:24, Clayton Coleman <ccoleman redhat com> wrote:
> <snip>
> > Can you look at journalctl -u ctr-<name_of_container> and see whether
> > you're getting a permission denied error from the "gear" command that runs
> > in ExecPostStart (which is what sets up the links)?  If you use
> > "127.0.0.1" or "localhost" as the ToHost, we'll map that to the first "up"
> > and non loopback interface we find in the device list.  When we find one,
> > we print "Using <ip> for 127.0.0.1" from the gear command.  If you don't
> > see that, you'll see an error.
> 
> Thanks for the quick reply Clayton,
> 
> On my machine `journalctl -u ...` doesn't seem to report anything. But
> `gear status ...` does so here's the output.
> 
> ```
> (flocker-150)[vagrant localhost vagrant]$ journalctl -u ctr-382066406885
> -- Logs begin at Mon 2014-05-19 01:06:05 BST, end at Mon 2014-06-30
> 15:21:27 BST. --
> ```
> 
> ```
> (flocker-150)[vagrant localhost vagrant]$ sudo gear status 382066406885
> container_status: Unable to fetch container status logs: exit status 3
> ctr-382066406885.service - Container 382066406885
>    Loaded: loaded
> (/var/lib/containers/units/38/ctr-382066406885.service; enabled)
>    Active: failed (Result: exit-code) since Mon 2014-06-30 16:35:57 BST; 33s
>    ago
>   Process: 10329 ExecStop=/usr/bin/docker stop 382066406885
> (code=exited, status=1/FAILURE)
>   Process: 10239 ExecStartPost=/usr/bin/gear init --post 382066406885
> flocker/send_xxx_to_31337 (code=exited, status=0/SUCCESS)
>   Process: 10238 ExecStart=/usr/bin/docker run --rm --name
> 382066406885 --volumes-from 382066406885-data -a stdout -a stderr
> flocker/send_xxx_to_31337 (code=exited, status=1/FAILURE)
>   Process: 10226 ExecStartPre=/usr/bin/docker rm 382066406885
> (code=exited, status=1/FAILURE)
>   Process: 10176 ExecStartPre=/bin/sh -c /usr/bin/docker inspect
> --format="Reusing {{.ID}}" "382066406885-data" || exec docker run
> --name "382066406885-data" --volumes-from "382066406885-data"
> --entrypoint /bin/true "flocker/send_xxx_to_31337" (code=exited,
> status=0/SUCCESS)
>  Main PID: 10238 (code=exited, status=1/FAILURE)
> 
> Jun 30 16:35:53 localhost.localdomain gear[10239]: user: unknown user
> ctr-382066406885
> Jun 30 16:35:54 localhost.localdomain gear[10239]: Updating network
> namespaces for 10284
> Jun 30 16:35:54 localhost.localdomain gear[10239]: Using 10.0.2.15/24
> for 127.0.0.1

This means we correctly translated localhost to 10.0.2.15 for the mapping

> Jun 30 16:35:54 localhost.localdomain gear[10239]: Mapping
> 172.17.0.61(127.0.0.1):31337 -> 10.0.2.15:55590
> Jun 30 16:35:54 localhost.localdomain systemd[1]: Started Container
> 382066406885.
> Jun 30 16:35:55 localhost.localdomain docker[10238]: nc: can't connect
> to remote host (127.0.0.1): Connection refused

Everything above looks correct - from the host system, can you `nc 10.0.2.15:55590`?

> Jun 30 16:35:57 localhost.localdomain systemd[1]:
> ctr-382066406885.service: main process exited, code=exited,
> status=1/FAILURE
> Jun 30 16:35:57 localhost.localdomain docker[10329]: Error: No such
> container: 382066406885
> Jun 30 16:35:57 localhost.localdomain docker[10329]: 2014/06/30
> 16:35:57 Error: failed to stop one or more containers
> Jun 30 16:35:57 localhost.localdomain systemd[1]: Unit
> ctr-382066406885.service entered failed state.
> ```
> 
> You can see that the mapping appears to be set up correctly but that
> nc receives a connection refused error.
> 
> The Dockerfile for the image that I'm using looks like this...
> 
> ```
> FROM busybox
> CMD ["/bin/sh",  "-c", "sleep 1 && echo 'xxx' | nc 127.0.0.1 31337"]
> ```
> 
> It's ugly, but I've had to add the sleep because otherwise (my theory
> is) that gear doesn't have time to set up the necessary iptables rules
> in the container. If my theory is wrong or if there's a way to delay
> the running of the Docker CMD until the links have been created, I'd
> be interested to hear.
> 
> This is all for the purpose of a functional test and we have a socket
> set up on the host listening for incoming connections and then
> asserting the bytes received on the first connection.
> 
> Hope that all makes sense.
> 
> -RichardW.
> 
> _______________________________________________
> users mailing list
> users lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
> 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]