
Question: access to 10/8 CIDR despite no if with such IP? #431

Closed
haf opened this issue Mar 4, 2015 · 10 comments

Comments


haf commented Mar 4, 2015

I'm experimenting with weave, aiming to use it together with consul to make our docker deployment across a couple of hosts a cluster with failover services running (registrator + consul + weave).

So far I'm in the 'learning' stage, so I have a question I was hoping you might be able to answer.

I have run 'weave launch' and basically followed all steps in what seems to be the guide to weave https://sttts.github.io/docker/weave/mesos/2015/01/22/weave.html.

I haven't been able to:

  • automatically use weave when docker run is used

However, this is the state:

[Screenshot: screen shot 2015-03-04 at 11 14 50]

And when doing a docker exec inside eventstore.0, which was started with docker run as opposed to weave run, it can still ping 10.0.0.1 -- how does this work out?

➜  ops git:(master) dockerip
697ac571ee06    172.17.0.24
1c41103cb271    172.17.0.17
cc079798d2c1    172.17.0.16
5ad6a9d93e56    172.17.0.9
75f4bc57613b    172.17.0.5
➜  ops git:(master) docker exec eventstore.0 ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.049 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.068 ms
^C%
➜  ops git:(master) docker exec eventstore.0 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
70: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:18 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.24/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:18/64 scope link
       valid_lft forever preferred_lft forever

PS: it is not my fault that docker named The Registrator "boring torvalds" 🎱

Member

rade commented Mar 4, 2015

> I have run 'weave launch' and basically followed all steps in what seems to be the guide to weave https://sttts.github.io/docker/weave/mesos/2015/01/22/weave.html.

The above is quite advanced usage of weave. If you are new to weave I strongly recommend you follow our intro in the README to become familiar with it.

Author

haf commented Mar 4, 2015

I've followed that intro too, and yes, the output that you've written should come, comes.

Member

rade commented Mar 4, 2015

As to your specific question, I suspect the answer can be found in our docs on application isolation, in particular this bit

> By default docker permits communication between containers on the same host, via their docker-assigned IP addresses. For complete isolation between application containers, that feature needs to be disabled by setting --icc=false in the docker daemon configuration.

Author

haf commented Mar 4, 2015

I see! Let me try it!

Author

haf commented Mar 4, 2015

That didn't work. I have this in /var/lib/boot2docker/profile:

--bridge=weave --fixed-cidr=10.1.0.0/16 --icc=false

Doing a docker run still spawns a container w/o the weave nic.

Doing a weave run spawns a container like expected, with a NIC, ethwe, with a 10.1.x.x IP (depending on args to run).

Pinging 10.1.0.2 (started above) from the container started with docker run doesn't seem to have isolation, despite the flags.

docker run still gives IPs in the 172.17/16 network.

It might be that the docker daemon in boot2docker isn't reading the /var/lib-file -- but instead from somewhere else entirely.

boot2docker doesn't have the brctl command - perhaps that matters?

Doing a boot2docker restart seems to delete the /usr/local/bin/weave file.
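
Added example (not part of the thread and not Weave or Docker project code): one way to check whether the --icc=false setting discussed above is actually in force, by comparing the daemon's flags with the FORWARD rule Docker installs for bridge-to-bridge traffic. The function names and the sample `iptables -S FORWARD` text are constructed for illustration; the daemon flags are the ones quoted in the comment above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample rule text is constructed.

# Configured --icc value from a daemon argument string (Docker defaults to true).
icc_from_args() {
    icc=true
    for arg in $1; do                      # unquoted on purpose: split into flags
        case "$arg" in
            --icc=*|-icc=*) icc=${arg#*=} ;;
        esac
    done
    echo "$icc"
}

# Enforced state for bridge $1, read from `iptables -S FORWARD` text on stdin.
# Docker's catch-all rule for bridge-to-bridge forwarding is DROP with
# --icc=false and ACCEPT otherwise; anything else is reported as unknown.
icc_from_iptables() {
    awk -v br="$1" '
        $0 == ("-A FORWARD -i " br " -o " br " -j DROP")   { print "false"; hit = 1; exit }
        $0 == ("-A FORWARD -i " br " -o " br " -j ACCEPT") { print "true";  hit = 1; exit }
        END { if (!hit) print "unknown" }
    '
}

# Succeeds only when the enforced state matches the configured one.
icc_check() {   # $1 = daemon args, $2 = bridge name, stdin = FORWARD rules
    want=$(icc_from_args "$1")
    have=$(icc_from_iptables "$2")
    echo "configured=$want enforced=$have"
    [ "$want" = "$have" ]
}

ARGS='--bridge=weave --fixed-cidr=10.1.0.0/16 --icc=false'   # flags from the thread

# Constructed: rules as they would look if the daemon had applied ARGS.
RULES_APPLIED='-P FORWARD ACCEPT
-A FORWARD -i weave ! -o weave -j ACCEPT
-A FORWARD -i weave -o weave -j DROP'

# Constructed: rules of a daemon still running with defaults on docker0.
RULES_DEFAULT='-P FORWARD ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT'

printf '%s\n' "$RULES_APPLIED" | icc_check "$ARGS" weave   || echo "MISMATCH"
printf '%s\n' "$RULES_DEFAULT" | icc_check "$ARGS" docker0 || echo "MISMATCH"
```

On a live host the rule text would come from `iptables -S FORWARD` run as root; the rule only exists when the daemon manages iptables, which is its default.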

Author

haf commented Mar 4, 2015

/etc/default/docker didn't work either. New machines are still not getting the right CIDR.

Author

haf commented Mar 4, 2015

So it seems that boot2docker is a very strange kind of Linux; I'm giving up on it and using the CoreOS boxes that I'll use in prod instead. They seem differently configured.

Author

haf commented Mar 4, 2015

Is there anywhere I can get help faster than this? It'll take many days to learn at this speed.

Author

haf commented Mar 4, 2015

I'm going to try Deis and Flannel instead.

@haf haf closed this as completed Mar 4, 2015
Contributor

squaremo commented Mar 4, 2015

> Is there anywhere I can get help faster than this?

You could try (have tried) our IRC channel #weavenetwork on freenode.

@rade rade added this to the n/a milestone Apr 18, 2015