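Docker container cannot clone from github.com

I am currently trying to run a Docker container on a Raspberry Pi 2 using HypriotOS version 0.6.1. Unfortunately, on my home network, I am unable to clone from GitHub.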

    root@aaeac2ab909d:/home/meteor# GIT_CURL_VERBOSE=1 git clone --depth 1 https://github.com/4commerce-technologies-AG/meteor.git
    Cloning into 'meteor'...
    * Couldn't find host github.com in the .netrc file; using defaults
    * Hostname was NOT found in DNS cache
    * Trying 192.30.252.129...
    * Connected to github.com (192.30.252.129) port 443 (#0)
    * found 173 certificates in /etc/ssl/certs/ca-certificates.crt
    * server certificate verification OK
    * common name: github.com (matched)
    * server certificate expiration date OK
    * server certificate activation date OK
    * certificate public key: RSA
    * certificate version: #3
    * subject:
    * start date: Tue, 08 Apr 2014 00:00:00 GMT
    * expire date: Tue, 12 Apr 2016 12:00:00 GMT
    * issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert SHA2 Extended Validation Server CA
    * compression: NULL
    * cipher: AES-128-GCM
    * MAC: AEAD
    > GET /4commerce-technologies-AG/meteor.git/info/refs?service=git-upload-pack HTTP/1.1
    User-Agent: git/2.1.4
    Host: github.com
    Accept: */*
    Accept-Encoding: gzip
    Pragma: no-cache
    < HTTP/1.1 200 OK
    * Server GitHub Babel 2.0 is not blacklisted
    < Server: GitHub Babel 2.0
    < Content-Type: application/x-git-upload-pack-advertisement
    < Transfer-Encoding: chunked
    < Expires: Fri, 01 Jan 1980 00:00:00 GMT
    < Pragma: no-cache
    < Cache-Control: no-cache, max-age=0, must-revalidate
    < Vary: Accept-Encoding
    < X-GitHub-Request-Id: 4B8A08F2:2C58:14CD5B7:56972928
    <
    * Connection #0 to host github.com left intact
    * Couldn't find host github.com in the .netrc file; using defaults
    * Found bundle for host github.com: 0x83cdf8
    * Re-using existing connection! (#0) with host github.com
    * Connected to github.com (192.30.252.129) port 443 (#0)
    > POST /4commerce-technologies-AG/meteor.git/git-upload-pack HTTP/1.1
    User-Agent: git/2.1.4
    Host: github.com
    Accept-Encoding: gzip
    Content-Type: application/x-git-upload-pack-request
    Accept: application/x-git-upload-pack-result
    Content-Length: 205
    * upload completely sent off: 205 out of 205 bytes
    < HTTP/1.1 200 OK
    * Server GitHub Babel 2.0 is not blacklisted
    < Server: GitHub Babel 2.0
    < Content-Type: application/x-git-upload-pack-result
    < Transfer-Encoding: chunked
    < Expires: Fri, 01 Jan 1980 00:00:00 GMT
    < Pragma: no-cache
    < Cache-Control: no-cache, max-age=0, must-revalidate
    < Vary: Accept-Encoding
    < X-GitHub-Request-Id: 4B8A08F2:2C58:14CD5EE:56972928
    <
    * Connection #0 to host github.com left intact
    * Couldn't find host github.com in the .netrc file; using defaults
    * Found bundle for host github.com: 0x83cdf8
    * Re-using existing connection! (#0) with host github.com
    * Connected to github.com (192.30.252.129) port 443 (#0)
    > POST /4commerce-technologies-AG/meteor.git/git-upload-pack HTTP/1.1
    User-Agent: git/2.1.4
    Host: github.com
    Accept-Encoding: gzip
    Content-Type: application/x-git-upload-pack-request
    Accept: application/x-git-upload-pack-result
    Content-Length: 214
    * upload completely sent off: 214 out of 214 bytes
    < HTTP/1.1 200 OK
    * Server GitHub Babel 2.0 is not blacklisted
    < Server: GitHub Babel 2.0
    < Content-Type: application/x-git-upload-pack-result
    < Transfer-Encoding: chunked
    < Expires: Fri, 01 Jan 1980 00:00:00 GMT
    < Pragma: no-cache
    < Cache-Control: no-cache, max-age=0, must-revalidate
    < Vary: Accept-Encoding
    < X-GitHub-Request-Id: 4B8A08F2:2C58:14CD635:56972929
    <
    remote: Counting objects: 2610, done.
    remote: Compressing objects: 100% (2235/2235), done.
    * GnuTLS recv error (-54): Error in the pull function.B/s
    * Closing connection 0
    error: RPC failed; result=56, HTTP code = 200| 2.90 MiB/s
    fatal: The remote end hung up unexpectedly
    fatal: early EOF
    fatal: index-pack failed

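This error happens like clockwork every time. I took the system to a new network and it worked fine, which suggests that something is wrong with my home network.

I suspect this has something to do with my router's local DNS setup using DNSMasq, but I'm not positive. Here are the DNSMasq options on my router: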

Router DNSMasq settings

[Image: DNSMasq settings]

Host /etc/resolv.conf

    nameserver 127.0.1.1
    search home.lan

Container /etc/resolv.conf

    domain home.lan
    search home.lan
    nameserver 192.168.11.1

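Interestingly, this evening I decided to try running my container with the --net=host flag, wondering whether it had something to do with the bridge versus --net=host and my network setup. This apparently works perfectly as well!

Successful container git clone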

    root@black-pearl:/home/meteor# GIT_CURL_VERBOSE=1 git clone --depth 1 https://github.com/4commerce-technologies-AG/meteor.git
    Cloning into 'meteor'...
    * Couldn't find host github.com in the .netrc file; using defaults
    * Hostname was NOT found in DNS cache
    * Trying 192.30.252.128...
    * Connected to github.com (192.30.252.128) port 443 (#0)
    * found 173 certificates in /etc/ssl/certs/ca-certificates.crt
    * server certificate verification OK
    * common name: github.com (matched)
    * server certificate expiration date OK
    * server certificate activation date OK
    * certificate public key: RSA
    * certificate version: #3
    * subject:
    * start date: Tue, 08 Apr 2014 00:00:00 GMT
    * expire date: Tue, 12 Apr 2016 12:00:00 GMT
    * issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert SHA2 Extended Validation Server CA
    * compression: NULL
    * cipher: AES-128-GCM
    * MAC: AEAD
    > GET /4commerce-technologies-AG/meteor.git/info/refs?service=git-upload-pack HTTP/1.1
    User-Agent: git/2.1.4
    Host: github.com
    Accept: */*
    Accept-Encoding: gzip
    Pragma: no-cache
    < HTTP/1.1 200 OK
    * Server GitHub Babel 2.0 is not blacklisted
    < Server: GitHub Babel 2.0
    < Content-Type: application/x-git-upload-pack-advertisement
    < Transfer-Encoding: chunked
    < Expires: Fri, 01 Jan 1980 00:00:00 GMT
    < Pragma: no-cache
    < Cache-Control: no-cache, max-age=0, must-revalidate
    < Vary: Accept-Encoding
    < X-GitHub-Request-Id: 4B8A08F2:59C7:1E862A2:56972ABF
    <
    * Connection #0 to host github.com left intact
    * Couldn't find host github.com in the .netrc file; using defaults
    * Found bundle for host github.com: 0xb83df8
    * Re-using existing connection! (#0) with host github.com
    * Connected to github.com (192.30.252.128) port 443 (#0)
    > POST /4commerce-technologies-AG/meteor.git/git-upload-pack HTTP/1.1
    User-Agent: git/2.1.4
    Host: github.com
    Accept-Encoding: gzip
    Content-Type: application/x-git-upload-pack-request
    Accept: application/x-git-upload-pack-result
    Content-Length: 205
    * upload completely sent off: 205 out of 205 bytes
    < HTTP/1.1 200 OK
    * Server GitHub Babel 2.0 is not blacklisted
    < Server: GitHub Babel 2.0
    < Content-Type: application/x-git-upload-pack-result
    < Transfer-Encoding: chunked
    < Expires: Fri, 01 Jan 1980 00:00:00 GMT
    < Pragma: no-cache
    < Cache-Control: no-cache, max-age=0, must-revalidate
    < Vary: Accept-Encoding
    < X-GitHub-Request-Id: 4B8A08F2:59C7:1E86326:56972ABF
    <
    * Connection #0 to host github.com left intact
    * Couldn't find host github.com in the .netrc file; using defaults
    * Found bundle for host github.com: 0xb83df8
    * Re-using existing connection! (#0) with host github.com
    * Connected to github.com (192.30.252.128) port 443 (#0)
    > POST /4commerce-technologies-AG/meteor.git/git-upload-pack HTTP/1.1
    User-Agent: git/2.1.4
    Host: github.com
    Accept-Encoding: gzip
    Content-Type: application/x-git-upload-pack-request
    Accept: application/x-git-upload-pack-result
    Content-Length: 214
    * upload completely sent off: 214 out of 214 bytes
    < HTTP/1.1 200 OK
    * Server GitHub Babel 2.0 is not blacklisted
    < Server: GitHub Babel 2.0
    < Content-Type: application/x-git-upload-pack-result
    < Transfer-Encoding: chunked
    < Expires: Fri, 01 Jan 1980 00:00:00 GMT
    < Pragma: no-cache
    < Cache-Control: no-cache, max-age=0, must-revalidate
    < Vary: Accept-Encoding
    < X-GitHub-Request-Id: 4B8A08F2:59C7:1E863C3:56972AC0
    <
    remote: Counting objects: 2610, done.
    remote: Compressing objects: 100% (2235/2235), done.
    * Connection #0 to host github.com left intact | 2.47 MiB/s
    remote: Total 2610 (delta 245), reused 1412 (delta 149), pack-reused 0
    Receiving objects: 100% (2610/2610), 14.26 MiB | 2.34 MiB/s, done.
    Resolving deltas: 100% (245/245), done.
    Checking connectivity... done.
    Checking out files: 100% (2413/2413), done.

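I have already tried disabling DNSMasq on the router, but that did not seem to help, so I am wondering whether anyone has any ideas to try for getting Docker's native bridge mode to work?

I forgot that I had asked this question here. But, for anyone else who runs into this problem:

@aaronlehmann found this solution on GitHub, #1090. This problem was (and may still be) affecting AWS instances, but it also seems to affect some residential connections.

There are two possible fixes:

  • Turn on conntrack's "be liberal" flag: echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal . This causes conntrack/NAT to treat packets outside the TCP window as part of the flow being tracked, instead of marking them as invalid and causing them to be handled by the host.
  • Add a rule to drop invalid packets instead of allowing them to trigger a RST: iptables -I INPUT -m conntrack --ctstate INVALID -j DROP

For me, ip_conntrack_tcp_be_liberal would never keep its setting after a reboot. That meant manually running the above command every time I wanted to use Docker, so the best solution for me was to save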

iptables -I INPUT -m conntrack --ctstate INVALID -j DROP

into my iptables.

All of the problems then went away!
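
An added example (not part of the original answer): a shell audit that reports whether either of the two fixes is active on a Docker host, and applies the DROP rule without stacking duplicates. The function names and the `PROC_ROOT` override are assumptions made for illustration; the second sysctl path is the `nf_conntrack` name that newer kernels expose for the same flag.

```shell
#!/usr/bin/env bash
# Added example: audit a Docker host for the two conntrack mitigations.
# PROC_ROOT is a hypothetical override so the check can run against a fixture tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the current be_liberal value, trying the legacy path quoted in the
# answer first and then the nf_conntrack path used by newer kernels.
be_liberal_value() {
  local f
  for f in "$PROC_ROOT/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal" \
           "$PROC_ROOT/sys/net/netfilter/nf_conntrack_tcp_be_liberal"; do
    if [ -r "$f" ]; then cat "$f"; return 0; fi
  done
  return 1   # conntrack not loaded, or the sysctl is not exposed
}

# Read `iptables -S INPUT` output on stdin; succeed if a rule drops INVALID packets.
has_invalid_drop() {
  grep -Eq -- '^-A INPUT (.* )?-m (conntrack --ctstate|state --state) INVALID (.* )?-j DROP$'
}

# Report "mitigated" if either fix is active, otherwise "exposed".
audit() {  # $1 = text of `iptables -S INPUT`
  local liberal
  liberal="$(be_liberal_value 2>/dev/null || echo unknown)"
  if printf '%s\n' "$1" | has_invalid_drop; then
    echo "mitigated: INVALID packets are dropped in INPUT (be_liberal=$liberal)"
  elif [ "$liberal" = "1" ]; then
    echo "mitigated: be_liberal=1 (runtime value; /proc writes do not survive a reboot)"
  else
    echo "exposed: out-of-window packets reach the host and can trigger a RST (be_liberal=$liberal)"
  fi
}

# Idempotent apply: -C tests for the rule so repeated runs do not insert it twice.
apply_drop_rule() {
  iptables -C INPUT -m conntrack --ctstate INVALID -j DROP 2>/dev/null ||
    iptables -I INPUT -m conntrack --ctstate INVALID -j DROP
}

if [ "${1:-}" = "--audit" ]; then audit "$(iptables -S INPUT)"; fi
if [ "${1:-}" = "--apply" ]; then apply_drop_rule && audit "$(iptables -S INPUT)"; fi
```

Run it as root with `--audit` to report the current state or `--apply` to insert the rule; the rule still has to be saved with the distribution's iptables persistence mechanism to survive a reboot.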