I found strange behavior regarding network port exposure between docker-compose and docker; I mean I cannot set it up with docker-compose.

On a CoreOS VM running under VirtualBox, I set up 2 containers:
- the first is a MySQL database (mysql)
- the second is a web application image (myghost), built based on the ghost image

A - The method that works: docker

The commands used to launch the 2 containers:

    docker build -t myghost .
    docker run -d --name mysql -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=ghost -e MYSQL_PASSWORD=password -e MYSQL_USER=ghost -p 3306 mysql
    sudo docker run -d --link mysql --name ghost -p 80:2368 myghost

Port 80 is correctly exposed, and I can connect from the host network.
An nmap scan of the VM shows port 80 open (nmap -sT 192.168.1.25):

    Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-05 23:06 CEST
    Nmap scan report for coreos1.home (192.168.1.25)
    Host is up (0.000088s latency).
    Not shown: 996 closed ports
    PORT      STATE SERVICE
    22/tcp    open  ssh
    80/tcp    open  http
    4001/tcp  open  newoak
    32779/tcp open  sometimes-rpc21
    MAC Address: 08:00:27:90:17:CF (Oracle VirtualBox virtual NIC)
The iptables configuration (sudo iptables -L) returns:

    Chain DOCKER (3 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             172.19.0.2           tcp dpt:mysql
    ACCEPT     tcp  --  anywhere             172.19.0.3           tcp dpt:2368

sudo iptables -S shows:

    -A DOCKER -d 172.19.0.2/32 ! -i br-282da314ef5d -o br-282da314ef5d -p tcp -m tcp --dport 3306 -j ACCEPT
    -A DOCKER -d 172.19.0.3/32 ! -i br-282da314ef5d -o br-282da314ef5d -p tcp -m tcp --dport 2368 -j ACCEPT

NB: the Dockerfile used to build the myghost image contains a copy of a js file.
B - The method that does not work: docker-compose

Here is the docker-compose.yml:

    version: '2'
    services:
      mysql:
        image: mysql
        container_name: mysql
        ports:
          - "3306"
        environment:
          - MYSQL_ROOT_PASSWORD=root
          - MYSQL_DATABASE=ghost
          - MYSQL_USER=ghost
          - MYSQL_PASSWORD=password
      myghost:
        build: ./myghost
        container_name: myghost
        depends_on:
          - mysql
        ports:
          - "80:2368"
        expose:
          - "80"

NB: in this configuration I tried to use the expose: directive; it does not change the issue.
I launch docker-compose up --build -d. At the first execution the ghost webapp never starts (error connecting to the database), which is strange because docker-compose.yml contains depends_on ...

docker inspect of the ghost container returns:

    Error: connect ECONNREFUSED 172.19.0.2:3306
    Error: connect ECONNREFUSED 172.19.0.2:3306
At the second run the container starts:

    docker ps -a
    CONTAINER ID   IMAGE              COMMAND                  CREATED          STATUS          PORTS                          NAMES
    945d75995d11   appghost_myghost   "/entrypoint.sh npm s"   21 minutes ago   Up 21 minutes   80/tcp, 0.0.0.0:80->2368/tcp   myghost
    aea76509818e   mysql              "docker-entrypoint.sh"   25 minutes ago   Up 25 minutes   0.0.0.0:32776->3306/tcp        mysql

    docker-compose ps
    Name      Command                       State   Ports
    ----------------------------------------------------------------------------
    myghost   /entrypoint.sh npm start      Up      0.0.0.0:80->2368/tcp, 80/tcp
    mysql     docker-entrypoint.sh mysqld   Up      0.0.0.0:32776->3306/tcp
Ping between the 2 containers is OK.

The web application is unreachable; an nmap scan shows port 80 as filtered:

    PORT      STATE    SERVICE
    22/tcp    open     ssh
    80/tcp    filtered http
    32780/tcp filtered sometimes-rpc23
I noticed the way the iptables -S configuration looks (only the diff part):

    -A DOCKER -d 172.19.0.2/32 ! -i br-282da314ef5d -o br-282da314ef5d -p tcp -m tcp --dport 3306 -j ACCEPT
    -A DOCKER -d 172.19.0.3/32 ! -i br-282da314ef5d -o br-282da314ef5d -p tcp -m tcp --dport 2368 -j ACCEPT
More information:

    Docker version 1.12.6, build d5236f0
    docker-compose version 1.11.2, build dfed245
    CoreOS 1298.7.0
    VirtualBox v5.1.8 / bridged network configuration
    uname -a: Linux coreos1 4.10.4-coreos-r1 #1 SMP Fri Mar 31 01:58:22 UTC 2017 x86_64 Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz GenuineIntel GNU/Linux

Rebooting CoreOS when I face this kind of issue resolves the problem.
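
Added example, not part of the original post: the docker ps output above shows that -p 3306 (and ports: - "3306" in the compose file) publishes MySQL on an ephemeral host port bound to 0.0.0.0, which is why the nmap scans list an extra high port. This sketch parses the PORTS column and flags such mappings; the function names and the list of "sensitive" container ports are assumptions made for the illustration.

```python
import re

# PORTS column values copied from the `docker ps -a` output in the post.
SAMPLE_PORTS = {
    "myghost": "80/tcp, 0.0.0.0:80->2368/tcp",
    "mysql": "0.0.0.0:32776->3306/tcp",
}

# host_ip:host_port->container_port/proto. Entries without "->" are EXPOSE-only
# and are not reachable from outside the Docker network.
PUBLISHED = re.compile(r"^(?P<ip>\S+):(?P<hport>\d+)->(?P<cport>\d+)/(?P<proto>\w+)$")

# Addresses that mean "every interface of the host".
WILDCARDS = {"0.0.0.0", "::", "[::]"}


def parse_ports(column):
    """Split one PORTS value into published mappings and exposed-only entries."""
    published, exposed_only = [], []
    for entry in filter(None, (e.strip() for e in column.split(","))):
        m = PUBLISHED.match(entry)
        if m:
            published.append((m["ip"], int(m["hport"]), int(m["cport"]), m["proto"]))
        else:
            exposed_only.append(entry)
    return published, exposed_only


def audit(ports_by_container, sensitive=(3306,)):
    """Return (container, kind, host_port, container_port, proto) for every
    mapping bound to all host interfaces. `sensitive` is an assumed list of
    container ports that should normally stay internal (here: MySQL)."""
    findings = []
    for name, column in ports_by_container.items():
        published, _ = parse_ports(column)
        for ip, hport, cport, proto in published:
            if ip not in WILDCARDS:
                continue  # bound to one address, e.g. 127.0.0.1
            kind = "sensitive" if cport in sensitive else "public"
            findings.append((name, kind, hport, cport, proto))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PORTS):
        print(finding)
```

The web container reaches MySQL over the shared Docker network (172.19.0.2:3306 in the post), so the database does not need a ports: entry at all; binding it as "127.0.0.1:3306:3306" keeps host-local access without exposing it to the LAN.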