search

moby / moby

The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
https://mobyproject.org/
Apache License 2.0
68.61k stars 18.64k forks source link

Docker swarm published port not routing from localhost IPv6 (::1) #31818

Closed titpetric closed 7 years ago

titpetric commented 7 years ago

Description

I'm trying to run a simple docker swarm service, exposing it with -p 80:80. The service responds on the LAN IP (eth0), but does not respond on localhost (even if connection is established).

Steps to reproduce the issue:

  1. docker service create --replicas 5 --network party-swarm --update-parallelism 5 --name sonyflake -p 80:80 titpetric/sonyflake
  2. telnet LAN_IP 80
  3. telnet localhost 80

Describe the results you received:

root@swarm1:~# telnet 10.55.8.161 80
Trying 10.55.8.161...
Connected to 10.55.8.161.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.0 200 OK
Content-Type: application/json; charset=utf-8
Date: Tue, 14 Mar 2017 12:21:51 GMT
Content-Length: 79

{"id":134158187438800902,"machine-id":6,"msb":0,"sequence":0,"time":7996451106}Connection closed by foreign host.
root@swarm1:~# telnet localhost 80
Trying ::1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0

...
^\^]
telnet> quit
Connection closed.

Describe the results you expected:

I expected that telnet localhost 80 will respond as it does with others.

Additional information you deem important (e.g. issue happens only occasionally):

Actually, it seems to be related to ipv6, because this:

root@swarm1:~# curl -s 127.0.0.1
{"id":134158900856356871,"machine-id":7,"msb":0,"sequence":0,"time":7996493629}
root@swarm1:~# ping localhost
PING localhost(localhost (::1)) 56 data bytes
64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.034 ms
64 bytes from localhost (::1): icmp_seq=2 ttl=64 time=0.044 ms
^C
root@swarm1:~# curl -s localhost
^C

Output of docker version:

Client:
 Version:      17.03.0-ce
 API version:  1.26
 Go version:   go1.7.5
 Git commit:   60ccb2265
 Built:        Thu Feb 23 10:58:26 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.03.0-ce
 API version:  1.26 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   60ccb2265
 Built:        Thu Feb 23 10:58:26 2017
 OS/Arch:      linux/amd64
 Experimental: false

Output of docker info:

Containers: 2
 Running: 2
 Paused: 0
 Stopped: 0
Images: 7
Server Version: 17.03.0-ce
Storage Driver: devicemapper
 Pool Name: docker-8:1-5243831-pool
 Pool Blocksize: 65.54 kB
 Base Device Size: 10.74 GB
 Backing Filesystem: ext4
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 1.096 GB
 Data Space Total: 107.4 GB
 Data Space Available: 106.3 GB
 Metadata Space Used: 1.901 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.146 GB
 Thin Pool Minimum Free Space: 10.74 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Deferred Deletion Enabled: false
 Deferred Deleted Device Count: 0
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.137 (2016-11-30)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
Swarm: active
 NodeID: 2jrjw0f0t6k2hbf2w0d41db2x
 Is Manager: true
 ClusterID: 2y5aa4qjf3e6akbclqx2rnx71
 Managers: 3
 Nodes: 3
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 3
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
 Node Address: 10.55.8.161
 Manager Addresses:
  10.55.8.161:2377
  10.55.8.162:2377
  10.55.8.163:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 977c511eda0925a723debdc94d09459af49d082a
runc version: a01dafd48bc1c7cc12bdb01206f9fea7dd6feb70
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.0-1-amd64
Operating System: Debian GNU/Linux 9 (stretch)
OSType: linux
Architecture: x86_64
CPUs: 6
Total Memory: 7.792 GiB
Name: swarm1
ID: 3ER2:7GXI:IZR5:O7M6:HKJT:I22T:LOWM:NVW2:CBGL:5WV3:3B2Y:2YW4
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Additional environment details (AWS, VirtualBox, physical, etc.):

Hyper-V VM, 3 node swarm, running on leader:

root@swarm1:~# docker node ls
ID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS
2jrjw0f0t6k2hbf2w0d41db2x *  swarm1    Ready   Active        Leader
aet822iruebj35gu4vlkn70bb    swarm3    Ready   Active        Reachable
l4bdxu989ktteb61cte66dqbc    swarm2    Ready   Active        Reachable
aluzzardi commented 7 years ago

Looks like a duplicate of #28492

@titpetric Could you try with 127.0.0.1 instead? We think localhost resolves to ::1 and this is an IPv6 issue.

/cc @sanimej @mavenugo

aluzzardi commented 7 years ago

Dispatching to @mavenugo for routing

titpetric commented 7 years ago

@aluzzardi I have already this info in the original report. It is a duplicate, it seems it affects docker from 1.12, 1.13 up to 17.03, If you'd like to adjust the labels on that report and close this one I am fine with that.

mavenugo commented 7 years ago

Thanks @titpetric. Yes. lets close this in favor of #28492 and adjust the labels.