暴露的端口没有实际暴露? – RHEL7运行RHEL7泊坞窗图像
我无法联系在RHEL 7中运行的RHEL 7 docker容器 。 问题来自同一networking中的其他计算机 。 主机可以联系在Docker容器中运行的自己的烧瓶服务器 。 容器是裸露的金属,没有firewalld或iptables 。
我有docker-compose连接一个mysql:latest镜像和运行python烧瓶的裸机rhel7 。 我有一台运行在同一个RHEL 7主机上的mysql服务器,而且我可以很好地从同一个networking中的另一台计算机上得到它。 我没有关于如何构build特定rhel图像的信息,并且它是封闭的源代码,所以我必须解决这个问题,但是, mysql图像来自registry.access.redhat.com 。
一些输出
一些私人信息被replace???
docker信息
$ docker info Containers: 22 Running: 2 Paused: 0 Stopped: 20 Images: 67 Server Version: 1.12.6 Storage Driver: devicemapper Pool Name: docker-253:1-117440691-pool Pool Blocksize: 65.54 kB Base Device Size: 10.74 GB Backing Filesystem: xfs Data file: /dev/loop0 Metadata file: /dev/loop1 Data Space Used: 13.65 GB Data Space Total: 107.4 GB Data Space Available: 89.54 GB Metadata Space Used: 15.32 MB Metadata Space Total: 2.147 GB Metadata Space Available: 2.132 GB Thin Pool Minimum Free Space: 10.74 GB Udev Sync Supported: true Deferred Removal Enabled: true Deferred Deletion Enabled: true Deferred Deleted Device Count: 0 Data loop file: ??? WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device. Metadata loop file: ??? Library Version: 1.02.140-RHEL7 (2017-05-03) Logging Driver: journald Cgroup Driver: systemd Plugins: Volume: local Network: bridge null host overlay Authorization: rhel-push-plugin Swarm: inactive Runtimes: docker-runc runc Default Runtime: docker-runc Security Options: seccomp selinux Kernel Version: 3.10.0-693.1.1.el7.x86_64 Operating System: Red Hat Enterprise Linux Server 7.4 (Maipo) OSType: linux Architecture: x86_64 Number of Docker Hooks: 3 CPUs: 2 Total Memory: 11.58 GiB Name: ??? ID: ??? Docker Root Dir: ??? Debug Mode (client): false Debug Mode (server): false Http Proxy: http://???.com:82 Https Proxy: http://???.com:82 Registry: https://???.com/v1/ WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled Insecure Registries: 127.0.0.0/8 Registries: ???.com (secure), registry.access.redhat.com (secure), docker.io (secure)
运行dockerps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES db053a1518e3 ???_server "/usr/bin/python Laun" 54 minutes ago Up 54 minutes 0.0.0.0:8087->8087/tcp ???_server_1 69d512050bb9 ???_db "docker-entrypoint.sh" 54 minutes ago Up 54 minutes 0.0.0.0:3306->3306/tcp ???_db_1
运行netstat
对于mysql:
$ sudo netstat -anp | grep 3306 tcp6 0 0 :::3306 :::* LISTEN 30338/docker-proxy-
对于烧瓶:
$ sudo netstat -anp | grep 8087 tcp6 0 0 :::8087 :::* LISTEN 30454/docker-proxy- unix 3 [ ] STREAM CONNECTED 368087 21392/dockerd-curre /var/run/docker.sock
为什么我认为这是容器的错误 – 使用nc / telnet
mysql容器使用的是Ubuntu,我相信这可能与RHEL有不同的权限。 来自同一networking中的另一台计算机的nc给我:
$ nc 100.71.26.29 3306 J5.7.19{)EOm3ÿÿÁQZBTm%KM-mysql_native_password
这不是说太多,但至less我们知道它正在运行。
现在,我从相同的基础镜像创build了testingdocker镜像,并安装了nc 。 我跑了以下几点:
$ nc -l 8088 hello world!
hello world! 是从我的主机从我的telnet连接:
$ telnet localhost 8088 Trying ::1... Connected to localhost. Escape character is '^]'. hello world! ^] telnet> Connection closed.
这意味着它在同一台机器上工作。
现在,让我们在单独的机器上尝试。
单独的机器无法连接:
$ telnet 100.71.26.29 8088 Trying 100.71.26.29... # hangs forever telnet: connect to address 100.71.26.29: Connection timed out
为什么我认为这是容器的错 – 使用curl
在localhost中为特定的端口运行curl给了我想要的烧瓶服务器:
$ curl localhost:8087 ... A lot of HTML ... <div> <input id = "get-csv" type = "submit" class = "custom-button"> </div> </td> </tr> </table> </div>
通过执行以下命令运行curl内部docker工具:
$ docker exec -it server:latest /bin/bash ... docker$ curl localhost:8087 ... A lot of HTML ... <div> <input id = "get-csv" type = "submit" class = "custom-button"> </div> </td> </tr> </table> </div>
但是从另一台计算机运行curl失败:
$ curl 100.71.26.29:8087 # hangs for like 2 minutes: <FONT face="Helvetica"> <big>Network Error (tcp_error)</big> <BR> <BR> </FONT> </TD></TR> <TR><TD> <FONT face="Helvetica"> A communication error occurred: "Operation timed out" </FONT> </TD></TR> <TR><TD> <FONT face="Helvetica"> The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time. </FONT> </TD></TR> <TR><TD> <FONT face="Helvetica" SIZE=2> <BR> For assistance, contact your network support team. </FONT> </TD></TR> </TABLE> </blockquote> </FONT> </BODY></HTML>
那么有没有人对这里发生了什么有什么想法? 谢谢!