search

wido / docker-ipv6

Scripts and tools for Docker with IPv6 Prefix Delegation
MIT License
55 stars 7 forks source link

not working on Ubuntu 20.04.1-Ubuntu #1

Open Michael-MCP opened 3 years ago

Michael-MCP commented 3 years ago

I saw your blog and liked the idea here.

I noticed the ifupdown feature request to debian never went through I'm not sure if that effects things? but I followed your guide and this is not working in 20.04.1-Ubuntu. At first the /etc/docker/ipv6.prefix wasn't being populated. I was also unclear from the guidance if DOCKER_OPTS in /etc/default/docker should be run only on older systems or also on newer. After this everything seems to work however Docker itself becomes unresponsive.

Mike

Michael-MCP commented 3 years ago

okay, I looked in to this, maybe I missed something obvious but I'll add it here for the record. My environment (ubuntu 20.04) Docker version 20.10.8, build 3967b7d. link defines that /etc/docker/daemon.json needs to specify the ipv6 and not the startup deamon. rather that pipe the ip range to /etc/docker/ipv6.prefix I output it here--> 

{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64"
}

then as you had it

/etc/systemd/system/dhclient6-pd.service 

    [Unit]
    Description=DHCPv6 Prefix Delegation client
    Wants=network.target network-online.target
    After=network.target network-online.target

    [Service]
    Type=simple
    Environment=NETWORK_INTERFACE=ens192
    ExecStart=/sbin/dhclient -6 -P -d ${NETWORK_INTERFACE}
    Restart=always
    RestartSec=10s

    [Install]
    WantedBy=multi-user.target

I did not need to alter /etc/systemd/system/docker.service

As you said, change /etc/sysctl.d/99-ipv6.conf

/etc/sysctl.d/99-ipv6.conf

    net.ipv6.conf.all.forwarding=1
    net.ipv6.conf.ens192.accept_ra=2

next, and I haven't tested if these are all required commands, I think I lost part of your automation here, I'll find out when I restart. 

systemctl stop docker.socket
systemctl stop docker
reload sysctl -p /etc/sysctl.d/99-ipv6.conf
/sbin/dhclient -6 -P -d ens192
nano /etc/docker/daemon.json
systemctl daemon-reload
systemctl reload docker

I was then able to start a container with exposed ports and see it had native IPv6 connectivity. To top it off, I was able to load the web content in my browser from a different machine. 

    docker run -d --name yubi2 -p 80:80 -p 443:443 -v /share/Docker/fido2/code:/var/www/html php:7.3.29-apache-buster 
docker exec -it d32c3fa674a7fa19384b200641f5a53234d598e0c593d5360c499be41e5a7ca1 /bin/bash
    root@d32c3fa674a7:/var/www/html# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
            inet6 2a11:1234:1234:234:0:1234:1234:2  prefixlen 80  scopeid 0x0<global>
            inet6 fe80::42:acff:fe11:2  prefixlen 64  scopeid 0x20<link>
            ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
            RX packets 4217  bytes 9080598 (8.6 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 2524  bytes 218842 (213.7 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I'm very please with this, it achieves the aim of running docker on native IPv6 and allows each container to have a public IPv6 address. References: https://blog.widodh.nl/2016/03/docker-and-ipv6-prefix-delegation/ https://docs.docker.com/config/daemon/ipv6/