Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NixOS 17.09: update container example in NixOS manual #25174

Closed
c0c0n3 opened this issue Apr 24, 2017 · 3 comments
Closed

NixOS 17.09: update container example in NixOS manual #25174

c0c0n3 opened this issue Apr 24, 2017 · 3 comments

Comments

@c0c0n3
Copy link

c0c0n3 commented Apr 24, 2017
edited
Loading

Issue description

Hi guys,
After reading the NixOS manual section on imperative container management, I followed the instructions there to run a web server in the container but then wasn't able to access the web server from the host using the curl command specified in the example. It looks like the example should also mention to allow incoming traffic on port 80 in the container config?

Steps to reproduce

Run all the commands specified in the NixOS manual section on imperative container management up to the point where you update the container's config to run a web server:

# nixos-container update foo --config 'services.httpd.enable = true; \
       services.httpd.adminAddr = "foo@example.org";'

Trying to run the next line in the example

# curl http://$(nixos-container show-ip foo)/

will result in curl hanging as packets are dropped, which you can see by running e.g. tcpdump. Adding this line to the container's config:

networking.firewall.allowedTCPPorts = [ 80 ];

fixed it for me. Maybe this should be mentioned in the manual? By the same token, it might also be worth mentioning that if Network Manager is running, you'll have to add this line for the example to work:

networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];

I know this is mentioned in a later section, but I reckon it's best to make it explicit? In fact, even though Network Manager is disabled by default, some modules, like Gnome 3, enable it automatically so whoever reads the example may not be aware Network Manager is up just because they didn't explicitly enable it in their configuration.

Technical details

  • System: NixOS: 17.03.882.d1c477e007 (Gorilla)
  • Nix version: 1.11.8
  • Nixpkgs version: 17.03.882.d1c477e007
danbst added a commit to danbst/nixpkgs that referenced this issue Apr 24, 2017
@danbst
Fix imperative container code examples
f3f1f2f 
Since some time Nixos has firewall enabled by default, so update example.
Also, remove newline escaping (it isn't needed).

Closes NixOS#25174
@danbst danbst mentioned this issue Apr 24, 2017
Merged
@danbst
Copy link
Contributor

danbst commented Apr 24, 2017

I guess the example was written in times when firewall was off by default.
Created a PR for that (#25180)

@danbst
Copy link
Contributor

danbst commented Apr 24, 2017

but sorry about your second issue - I have no opinion on that. Unfortunately I've marked my PR as "Closes #25174", so this issue may be autoclosed without resolution on this.

@c0c0n3
Copy link
Author

c0c0n3 commented Apr 24, 2017

cool, no prob. i only reported the issue cos they asked me to on #nixos. but yah, even if in general docs can be improved, there's enough info that peeps can easily figure out what's missing or ask on #nixos just like I did. I guess that was a long way to say: don't stress about it :-)

Profpatsch pushed a commit that referenced this issue Apr 24, 2017
@danbst @Profpatsch
Fix imperative container code examples
84b1c0c 
Since some time Nixos has firewall enabled by default, so update example.
Also, remove newline escaping (it isn't needed).

Closes #25174
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danbst @c0c0n3