11

Edit: I've managed to realize that the issue is with bridge networking, as network functionality seems fine with --net=host.

docker run -it --net=host busybox ping -c 1 8.8.8.8 works consistently.

Looking at this thread on reddit Docker network problem. Only works with --net=host the OP's issue was resolved by uninstalling ebtables. I've done the same but still have the same problem.

--

I've read through numerous threads (see below) trying to get to the bottom of an issue I'm having installing Discourse through a docker instance which fails when it tries to pull from github. Most threads point to issues in DNS, but I realized it's something else as I can't ping a static IP address either.

The discourse install fails with: cd /pups && git pull && /pups/bin/pups --stdin fatal: unable to access 'https://github.com/discourse/pups.git/': Could not resolve host: github.com

The oddest thing is that it works immediately after a restart:

systemctl restart docker

docker run -it busybox ping -c 1 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: seq=0 ttl=58 time=0.646 ms

--- 8.8.8.8 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 0.646/0.646/0.646 ms

docker run -it busybox ping -c 1 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes

--- 8.8.8.8 ping statistics --- 1 packets transmitted, 0 packets received, 100% packet loss

No matter what, the subsequent call fails. I'm confused how to go about debugging this.

Distributor ID: Ubuntu
Description:    Ubuntu 18.04.2 LTS
Release:        18.04
Codename:       bionic
Docker version 18.09.5, build e8ff056 (released 2019-04-11)

Attempted fixes:

waffl
  • 5,179
  • 10
  • 73
  • 123
  • 1
    What does `cat /etc/resolv.conf` return? – Alassane Ndiaye Apr 18 '19 at 20:05
  • 1
    @AlassaneNdiaye it returns `nameserver 127.0.0.53 options edns0` - which I understand is problematic from a DNS perspective, but shouldn't pining a static IP still work? – waffl Apr 20 '19 at 13:05
  • 1
    It depends, does `ip -r` show a default route? If not, you should add a default route to your gateway. Also, did you change your DHCP settings recently by any chance? This reminds me of an issue I once had. – Alassane Ndiaye Apr 20 '19 at 16:27
  • 1
    `ip -r` does indeed show a default route to the gateway. I don't think anything has changed as it's a newly provisioned server. I've done all sorts of other tests in the meantime (disabled ipv6, made a custom bridge, flushed all iptables to default) - and same thing, the `docker0` bridge always loses its ip address after a network connection is initiated (only has an `ether` address). One thing I did notice is that it the system's network interface is `ens5` vs the typical `eth0` if it matters. – waffl Apr 24 '19 at 21:35
  • 1
    That's very odd. Assuming something is wrong with the default bridge, what happens if you create a new network using `docker network create my-net` and `docker container run --network my-net ...`. If that fixes the issue, you know the problem is caused by the default docker bridge configuration. – Alassane Ndiaye Apr 24 '19 at 22:17
  • This does attach properly but still no connectivity :( – waffl Apr 25 '19 at 08:34
  • From the link you posted: Have you already tried `service stop iptables`? Not something that should stay like this, but it might give a hint if it works then. – bellackn Apr 30 '19 at 08:43
  • Check if your host IP range collides with the docker IP range – AAber Apr 30 '19 at 10:07

2 Answers2

1

Docker is used for local host development testing, so the testing is configured to serve locally. If you want to talk to other hosts, try Docker Swarm, it might solve your direction for host to host communication and the other perks that Docker Swarm can do.

We might need to see more of your Dockerfile. The docker run commands you have presented are using the "-it" flag, which is for interactive mode for the container busybox you create. (Using your commands listed.)

I haven't used the --net flag, but from the course I took on Docker, after running a simple container you can build and create services that use network overlay techniques for Docker Swarm mode. https://docs.docker.com/network/overlay/

Disclosure: I took a Docker Course from Bret Fisher on Udemy.

Anna Bear
  • 11
  • 3
1

Our IT department finally pinpointed this to some sort of issue with IPv6 in Ubuntu 18.x, somehow connected to this systemd issue udevd: Could not generate persistent MAC address for $name: No such file or directory #3374 and exists up to systemd version 247, for which there is no update for Ubuntu 18.x

In the end, updating the distribution to 20.x solved our issue.

waffl
  • 5,179
  • 10
  • 73
  • 123