jpetazzo / squid-in-a-can


You cannot link containers when using net=host #8

Open defender opened 9 years ago

defender commented 9 years ago
  1. You cannot link containers when using net=host
  2. Also, there should be a chmod +x inside the Dockerfile, otherwise you will get permission denied
  3. After all those changes I cannot download anything; I got the following error on the squid side: TCP_MISS_ABORTED/000 0 GET

If I set the env http_proxy inside the container, it works like a charm.


tfoote commented 9 years ago
  1. is a duplicate of #7
  2. I cannot reproduce. I see as persisting its executable flags inside the image
root@fc07bb57ad8f:/# ls /tmp/ -l
total 4
-rwxr-xr-x 1 root root 2633 Oct 31 17:21

I tested with a freshly built image and the registry downloaded image, using docker 1.4.1

  1. Can you provide instructions on how to reproduce this?

defender commented 9 years ago

Thank you for the response

This is the way I'm running your solution on my Vagrant machine:

  1. Ubuntu 14.04 as a host
  2. Docker 1.2
  3. I'm not running with fig but manually

docker run -d -name=squid --net=host --privileged -e DISK_CACHE_SIZE=5000 -e MAX_CACHE_OBJECT=1000 squid

docker run --name=iptables --privileged --net=host iptables

After that I'm trying to build my image without setting http_proxy inside the Dockerfile:

Docker file

FROM centos:6.5
RUN yum reinstall glibc-common.x86_64 -y
RUN yum -y install tar gzip krb5-devel zlib-devel sudo unzip which nc wget && clean all


tfoote commented 9 years ago

I can run your docker file executing the following:

docker run -d -name=squid --net=host --privileged -e DISK_CACHE_SIZE=5000 -e MAX_CACHE_OBJECT=1000 jpetazzo/squid-in-a-can:latest

docker run -ti --privileged --net=host iptables

Note: I ran the iptables with -ti not -d to be able to see the console output and so I can ctrl-c it to clean up the iptables on shutdown.

With the above run I could build the following dockerfile:

FROM centos:6
RUN yum reinstall glibc-common.x86_64 -y
RUN yum -y install tar gzip krb5-devel zlib-devel sudo unzip which nc

What does your iptables look like for you when running? This is mine.

$ sudo iptables --list -t nat
target     prot opt source               destination         
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3129

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere            !          ADDRTYPE match dst-type LOCAL

target     prot opt source               destination         
MASQUERADE  all  --        anywhere            

Chain DOCKER (2 references)
target     prot opt source               destination
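
Added example, not part of the thread or of the squid-in-a-can code: a small parser for `iptables --list -t nat` output that checks whether HTTP is being redirected to the proxy port 3129 shown in the listing above. The sample listing is constructed, the function names are hypothetical, and it assumes the REDIRECT rule lives in the PREROUTING chain.

```python
import re

# Constructed sample in the format of `iptables --list -t nat`; not output from the thread.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3129

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (2 references)
target     prot opt source               destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
REDIR_RE = re.compile(r"\bdpt:(\S+) redir ports (\d+)")


def find_redirects(listing):
    """Return (chain, dest_port, redirect_port) for every tcp REDIRECT rule."""
    chain, found = None, []
    for line in listing.splitlines():
        header = CHAIN_RE.match(line)
        if header:
            chain = header.group(1)  # rules that follow belong to this chain
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] != "REDIRECT" or fields[1] != "tcp":
            continue  # column headers, blank lines, non-REDIRECT rules
        m = REDIR_RE.search(line)
        if m:
            found.append((chain, m.group(1), int(m.group(2))))
    return found


def http_intercepted(listing, proxy_port=3129):
    """True if PREROUTING redirects HTTP (listed as 'http' or '80') to proxy_port."""
    return any(
        chain == "PREROUTING" and dport in ("http", "80") and rport == proxy_port
        for chain, dport, rport in find_redirects(listing)
    )


if __name__ == "__main__":
    print(find_redirects(SAMPLE), http_intercepted(SAMPLE))
```

To check a live host, pass the text of `sudo iptables --list -t nat` to `http_intercepted`; a `False` result means no matching redirect rule is installed in PREROUTING.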